Now under new management Mon — Fri 9am to 6pm · Sat 9am to 5pm 0121 472 0155
Selly Pharmacy
Bristol Road · B29
0121 472 0155 Nominate EPS
Home/Privacy Policy

Privacy Policy

How we collect, use, share, and protect your personal information when you use our pharmacy services or this website.

Last updated: 7 May 2026.
Data Controller: Selly Pharmacy, Unit 2480, Bristol Road, Selly Oak, Birmingham, B29 6BD.
This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our pharmacy services or interact with this website.

1.Who we are

Selly Pharmacy ("we", "us", "our") is an independent community pharmacy located at Unit 2480, Bristol Road, Selly Oak, Birmingham, B29 6BD. We are a registered pharmacy with the General Pharmaceutical Council (GPhC), the regulator for pharmacies and pharmacy professionals in Great Britain.

We are the "data controller" responsible for the personal information we collect from our patients, customers, and website users. This means we determine how and why your data is processed, and we are legally accountable for it under the UK GDPR and Data Protection Act 2018.

Our Information Governance Lead is the Superintendent Pharmacist. To contact us about this policy or any data protection matter, see section 11 below.

2.Information we collect

The information we collect depends on which of our services you use. We collect only what we need to provide safe, effective pharmacy care.

Patient and prescription information

When we dispense your prescriptions or provide a clinical service (such as Pharmacy First, blood pressure checks, or contraception), we collect:

  • Your full name, date of birth, address, and contact details.
  • Your NHS number, where applicable.
  • Information about your GP and any other healthcare providers involved in your care.
  • Your medical history relevant to the medicines we are dispensing or the service we are providing.
  • Information about the medicines you currently take, allergies, and any adverse reactions.
  • Records of consultations, including the advice we gave and any decisions taken.

Some of this information is "special category" data under data protection law (in particular, health data). We treat it with the additional protections the law requires.

Information you provide via this website

If you complete a form on this website (for example, to nominate us under the Electronic Prescription Service or to request a repeat prescription), we collect the information you provide in those forms. The forms themselves describe what is collected and why.

Form submissions are processed via Formspree, a third-party form-handling service. Form data is sent to our secure email inboxes (hello@sellypharmacy.co.uk and repeatprescriptions@sellypharmacy.co.uk) and stored within our pharmacy management system as appropriate.

Information collected automatically

When you visit this website, our hosting provider may automatically collect limited technical information such as your IP address (anonymised), the pages you visit, the time and date of your visit, and the type of device and browser you are using. This information is used to keep the site secure and to understand how it is being used. See section 9 below for more on cookies.

3.How we use your information

We use your information to:

  • Dispense your NHS and private prescriptions safely and accurately.
  • Provide you with clinical pharmacy services (such as Pharmacy First, blood pressure checks, contraception, blister packs, vaccinations).
  • Communicate with you about your prescriptions, appointments, or our services.
  • Process EPS nominations and liaise with your GP surgery.
  • Send you appointment reminders or notifications when your prescription is ready.
  • Maintain accurate records as required by law and by our professional regulator.
  • Submit information to the NHS Business Services Authority (BSA) for prescription reimbursement.
  • Respond to your enquiries and complaints.
  • Improve our services, train our staff, and audit the quality of our care.
  • Comply with our legal, regulatory, and professional obligations.

If you have given consent, we may also send you information about new services or seasonal health reminders. You can withdraw this consent at any time.

We rely on the following legal bases under the UK GDPR:

  • Article 6(1)(c) — legal obligation: for processing required by law or our regulator, such as record-keeping and reporting to the NHS BSA.
  • Article 6(1)(e) — public task: for the provision of NHS services under contract with NHS England.
  • Article 6(1)(b) — contract: for private services where you have engaged us to provide care.
  • Article 6(1)(a) — consent: for marketing communications and any optional services where consent is the appropriate basis.
  • Article 9(2)(h) — provision of health care: for processing health data needed for your care.

5.Sharing your information

We share information only where necessary, lawful, and proportionate. We may share your information with:

  • Your GP and other NHS healthcare providers involved in your care, including hospitals, sexual health services, and community nurses, where this supports safe and continuous care.
  • NHS England and the NHS Business Services Authority (BSA) for the administration of NHS contracts, prescription reimbursement, and clinical audit.
  • The General Pharmaceutical Council (GPhC) if required as part of regulatory inspections or investigations.
  • Our service providers who help us operate, including our pharmacy management system supplier, our website host, our email provider, and Formspree (form processing). Each is bound by contract to protect your data.
  • Law enforcement, courts, or public authorities where we are legally required to do so.

We do not sell your personal information. We do not share your data with advertising networks or use it for advertising purposes.

6.How long we keep your information

We keep your information only for as long as is necessary, and in line with NHS and professional retention guidance. Typical retention periods:

  • Patient medication records: generally 8 years for adults, longer for children (until age 26).
  • Controlled drugs registers: 7 years.
  • Records of advanced services (e.g. Pharmacy First consultations): 8 years.
  • Email correspondence: retained while operationally relevant, then deleted.
  • Website form submissions: processed and deleted from the email system once actioned and added to the relevant patient record.

Records may be kept longer if there is a legal, regulatory, or clinical reason to do so.

7.Your rights

Under the UK GDPR you have the following rights in relation to your personal data:

  • Right of access — to ask for a copy of the information we hold about you.
  • Right to rectification — to ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — to ask us to delete your data, subject to legal exceptions (most clinical records cannot be deleted while we have a legal duty to keep them).
  • Right to restriction — to ask us to limit how we process your data.
  • Right to object — to object to certain types of processing, including direct marketing.
  • Right to data portability — to receive your data in a portable format.
  • Right to withdraw consent — where we are processing on the basis of your consent.
  • Right to lodge a complaint — see section 11.

To exercise any of these rights, please contact us using the details in section 11. We will respond within one month.

8.How we protect your information

We take the security of your information seriously. Our safeguards include:

  • Encrypted storage and transmission of clinical records.
  • Strict access controls — only staff who need to see your data can access it.
  • Regular staff training on confidentiality and information governance.
  • Secure disposal of paper records via confidential waste services.
  • Use of established, secure suppliers for our pharmacy management system, email, website hosting, and form processing.
  • Compliance with the NHS Data Security and Protection Toolkit, where applicable.

If a data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office and you, where required, within the timescales set by law.

9.Cookies

This website uses a small number of cookies. See our separate Cookie Policy for full details.

10.Changes to this policy

We may update this Privacy Policy from time to time, particularly when our services or the law change. We will post the updated policy on this page and update the "last updated" date at the top. For substantial changes, we may also notify you directly.

11.Contact and complaints

If you have any questions about this Privacy Policy, would like to exercise any of your rights, or wish to make a complaint, please contact us:

  • By post: Selly Pharmacy, Unit 2480, Bristol Road, Selly Oak, Birmingham, B29 6BD.
  • By email: hello@sellypharmacy.co.uk
  • By phone: 0121 472 0155, asking for the Information Governance Lead.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
This privacy policy is provided as a starting framework based on UK GDPR and Data Protection Act 2018 requirements applicable to community pharmacies. It should be reviewed and adapted by a qualified data protection professional or solicitor before being relied upon for live operational use.