Introduction
MedivaPharma Limited (the company, additionally known and operating as 'MedivaPharmacy') is committed to protecting your privacy and ensuring that any information we collect about you is never misused.
This policy explains what information we collect, how and why we use it, how we keep it safe, and what your rights are under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
By using our websites (www.medivapharma.co.uk or oxygenrx.co.uk), services, and products, you agree to the way we collect and use your personal information according to the terms of this privacy policy. We may change this policy from time to time, and we will inform you of any changes that may affect your personal information. You will always have the right to withdraw your consent at any time.
Any questions regarding this Privacy Policy and our privacy practices should be sent by email to info@medivapharma.co.uk / info@oxygenrx.co.uk or by writing to MedivaPharma Limited, Unit 54 Tanners Drive, Blakelands, Milton Keynes, MK14 5BP. Alternatively, you can telephone 01908 617 328.
The rules on processing personal data are set out in the UK GDPR and supplemented by the Data Protection Act 2018.
About us
MedivaPharma is a medical and aesthetics pharmacy supporting healthcare professionals and their patients. We are committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws and UK GDPR.
Principles
MedivaPharma welcomes the UK GDPR and the Data Protection Act 2018 as key regulations that reaffirm our commitment to safeguarding personal data. We are committed to ensuring that:
- We only collect and use personal data that is relevant and necessary to provide or improve our products and services for patients and healthcare professionals.
- You can request a copy of the information we hold about you at any time.
- We keep your personal information safe and secure through appropriate technical and organisational measures.
- Personal data is processed fairly, lawfully, and in a transparent manner.
- We will never sell your details or share them except as described in this policy or where you instruct us to.
- We will notify you of any important changes that affect how we use your information.
- We take full responsibility for the information we hold about you.
- We only keep your information for as long as it is necessary to fulfil the purposes for which it was collected and to comply with our legal and regulatory obligations.
What personal information we collect
We may collect the following categories of personal information when you engage with MedivaPharma & OxygenRX as a patient, healthcare professional, customer, prospective customer, or website user (for example, when submitting prescriptions, completing forms, or creating an account):
- Full name
- Address(es)
- Date of birth
- Contact telephone number(s)
- Email address(es)
- Professional or business website address
- Financial details (credit/debit card details or payment information)
- Professional affiliations, memberships, or registrations
- Training certificates and accreditations
- Business or organisation social media links
- Healthcare or professional registration details
- Photographic identification (e.g., passport or driving licence)
Sensitive data we may collect
- Prescription medication information
- Allergy information
- Relevant medical history
We will only collect and process special category personal data where it is necessary for the provision of healthcare or pharmacy services, for compliance with our legal and regulatory obligations, or where we have obtained your explicit consent to do so.
We will not collect more information than is necessary and will use it only to provide you, as a patient and/or healthcare professional, with appropriate medication, products, and services.
How we collect and process personal information
We collect personal information in a variety of ways, including directly from you and, in some cases, from third parties where this is lawful and appropriate.
Direct collection
You provide us with personal information when you engage in any of the following activities:
- Corresponding with us by phone, email, website contact form, social media, or otherwise.
- Submitting a prescription for dispensing purposes.
- Registering with MedivaPharma online, by post, or by email.
- Completing a MedivaPharma registration form.
- Subscribing to our newsletter, mailing list, or other MedivaPharma marketing communications (with your consent).
- Making a purchase or placing an order with us online, by phone, or by email.
- Participating in our discussion boards, chat services, or social media platforms.
- Entering competitions, promotions, or events.
- Completing surveys or questionnaires.
- Sharing professional/business social media content (where you have permitted us to use it).
- Interacting with our communications (e.g., email opens and link clicks).
Third-party sources
We may also receive information about you from:
- Organisations you have authorised to share your information with us.
- Professional or regulatory bodies, where necessary to confirm registration details.
- Other lawful sources where permitted by data protection law.
Lawful bases for processing
We process personal information in accordance with the lawful bases set out under UK GDPR and the Data Protection Act 2018. Depending on the context, we may rely on one or more of the following lawful bases:
- Contract
  - To provide you with our products and services, manage your account, process prescriptions, and fulfil your orders.
- Legal obligation
  - To comply with pharmacy, healthcare, tax, and regulatory requirements (for example, the Medicines Act, GPhC regulations, or audit obligations).
- Legitimate interests
  - To improve our services, verify professional registrations, carry out security checks, respond to enquiries, and administer our business, provided these interests are not overridden by your rights and freedoms.
- Consent
  - Where you have provided explicit consent, for example, to receive marketing communications or for us to process certain special category data.
- Vital interests
  - In rare cases, where processing is necessary to protect someone's life.
We will always ensure that your personal information is processed fairly, transparently, and securely, and only for the specific purposes for which it was collected.
How we use your personal information
The personal information we collect from patients, healthcare professionals, customers, prospective customers, and registrants may be used for the following purposes:
- Dispensing of medication
  - To dispense prescriptions provided by prescribers. The prescriber is the data controller; MedivaPharma acts as a data processor or independent controller depending on the activity. Lawful basis: contract, legal obligation, legitimate interest.
- Auditing and compliance
  - To carry out audits of the pharmacy and dispensing services. Lawful basis: legal obligation, legitimate interest.
- Professional verification
  - To verify your identity as a registered healthcare professional and to set up a pharmacy/wholesale account. Lawful basis: contract, legitimate interest, legal obligation.
- Providing products and services
  - To give you access to our products and services, including providing quotes, offers, promotions, and updates. Lawful basis: contract, legitimate interest (where appropriate).
- Regulatory communications
  - To inform you by phone, email, or text of any changes required to comply with legal or regulatory obligations. Lawful basis: legal obligation.
- Customer account management
  - To administer and manage customer accounts, process orders, and respond to enquiries. Lawful basis: contract.
- Feedback and enquiries
  - To receive, review, and respond to any information or documentation you provide us. Lawful basis: contract, legitimate interest.
- Service development and quality control
  - For administrative purposes, planning, research, and development to improve our products and services. Lawful basis: legitimate interest.
- Marketing communications
  - To send you information about products and services where you have opted in. You may withdraw consent at any time. Lawful basis: consent.
- Identity and security checks
  - To confirm customer identities as part of our security measures. Lawful basis: legitimate interest, legal obligation.
- Regulatory status checks
  - To confirm registration status of healthcare professionals with the GMC, GDC, NMC, or GPhC as part of order processing. Lawful basis: legal obligation, legitimate interest.
- Customer feedback
  - To collect your views and comments on the services we provide. Lawful basis: legitimate interest, consent (if used for marketing).
We will not use your personal information for purposes that are incompatible with those set out above. Where consent is the lawful basis, you may withdraw it at any time, and we will ensure that your preferences are updated without delay.
How we keep your personal information safe
At MedivaPharma, we take the security of your personal information seriously. We have implemented a range of technical, organisational, and physical security measures to protect personal data against unauthorised access, accidental loss, misuse, disclosure, or alteration.
These measures include secure storage systems, access controls, staff training, and encryption where appropriate. We regularly review and update our security procedures to ensure they remain effective and compliant with the UK GDPR, the Data Protection Act 2018, and the Payment Card Industry Data Security Standards (PCI DSS) for payment processing.
Access to personal information is restricted only to authorised personnel who require it for the performance of their duties. All staff handling personal data receive regular data protection and confidentiality training.
Where we use third-party providers (such as IT, hosting, or payment service providers), they are contractually required to implement appropriate security measures and comply with applicable data protection laws.
If we provide you with (or you choose) a password that enables you to access certain parts of our website or systems, you are responsible for keeping this password confidential and must not share it with anyone else.
We also carry out regular monitoring, auditing, and penetration testing of our systems to ensure continued protection of your data. In the event of a personal data breach that creates a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) in accordance with our legal obligations.
We only keep your personal information for as long as it is necessary to fulfil the purposes for which it was collected and to comply with legal, regulatory, and professional requirements. Once information is no longer needed, it will be securely deleted, anonymised, or destroyed.
CCTV
MedivaPharma operates CCTV systems at our pharmacy and office locations. CCTV is used for the health and safety of employees and visitors, as well as for the prevention and detection of crime, and to protect our premises.
CCTV footage is only accessible to authorised MedivaPharma staff who require it for their duties. Access is strictly controlled, and footage is stored securely.
We will never share CCTV images or related personal information with third parties unless:
- We are required to do so by law or regulatory authority;
- It is necessary to protect the vital interests of an individual; or
- It is required for a legitimate purpose such as the defence or establishment of legal claims.
All CCTV data is retained only for as long as necessary to fulfil the purposes outlined above and in accordance with ICO guidance. Once no longer required, footage will be securely deleted.
Clear signage is displayed at our sites to inform staff, patients, and visitors that CCTV is in operation, in line with UK GDPR and the Data Protection Act 2018.
Communications: email, chat, and social media
We may communicate with you by email, telephone, live chat, or through our official social media channels. We make every effort to ensure that these communications are carried out through secure and compliant channels.
Email and chat communications
- We recommend that you do not send sensitive or confidential personal information (such as health or payment details) via unencrypted email or chat.
- Where secure alternatives are required (for example, for prescriptions or medical information), we will direct you to use official secure platforms provided by MedivaPharma.
Social media communications
- Our official social media accounts may be used for general communication, marketing, and customer engagement.
- We do not recommend that you share personal or sensitive information through social media messaging services. If you do, you do so at your own risk.
- Any information you provide through third-party social media platforms will also be subject to those platforms' own privacy policies.
Marketing communications
We will only send you marketing communications (such as updates about our products, services, offers, or events) if you have given your explicit consent or if we are otherwise permitted to do so under applicable law. You have the right to withdraw your consent to marketing at any time, for example by clicking the "unsubscribe" link in our emails or by contacting us directly.
Payment and finance details
We use your payment details only for the purpose of processing authorised transactions. We will never use your financial information for purposes you have not agreed to, and we will not retain your details for longer than necessary.
How we process payments
- Payments are processed securely in line with the Payment Card Industry Data Security Standards (PCI DSS).
- Transactions are handled either directly by MedivaPharma or through trusted third-party payment service providers who are contractually bound to maintain strict security and confidentiality.
- Only authorised MedivaPharma personnel have access to payment details where necessary to process a transaction.
Information we may collect for payment processing
- Cardholder name
- Card number
- Expiry date
- Card security code (CSC/CVV)
This information is encrypted and securely transmitted to our payment processor. We do not store full card details on our systems unless there is a lawful reason to do so and we have obtained your explicit consent (for example, where you request recurring billing).
Lawful basis: contract (to fulfil your purchase order) and legal obligation (for accounting, auditing, and tax purposes).
Retention: We retain payment information only for as long as necessary to complete the transaction and meet legal, financial, and regulatory obligations. Once this period has expired, your details will be securely deleted or anonymised.
Children
Our website, products, and services are intended for healthcare professionals and adult customers. They are not directed at children under the age of 18, and we do not knowingly collect personal information from children.
We ask that children do not register with us, create accounts, or provide any personal information through our website or services. If we become aware that we have inadvertently collected personal information from a child, we will delete it as soon as possible and take steps to ensure it is not processed further.
If you are a parent or guardian and believe that your child has provided information to us, please contact us immediately at info@medivapharma.co.uk or info@oxygenrx.co.uk so that we can take appropriate action.
MedivaPharma complies with the UK GDPR, the Data Protection Act 2018, and the ICO Children's Code by ensuring our services are not designed to profile, market to, or otherwise exploit children's data.
Your rights
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have a number of rights in relation to the personal data we hold about you. These include:
- Right to be informed
  - You have the right to clear and transparent information about how we collect and use your personal data. This Privacy Policy forms part of that transparency.
- Right of access
  - You can request a copy of the personal data we hold about you, together with certain details about how we process it (commonly known as a Subject Access Request).
- Right to rectification
  - You can ask us to correct or complete any inaccurate or incomplete personal data we hold about you.
- Right to erasure
  - In certain circumstances, you can ask us to delete your personal data (also known as the "right to be forgotten"). We may still need to retain certain information where required by law or regulatory obligations.
- Right to restrict processing
  - You can ask us to restrict how we use your data in certain situations, for example, where you contest its accuracy or object to its processing.
- Right to data portability
  - You can request that we provide the personal data you have given to us in a structured, commonly used, and machine-readable format, and have it transferred to another controller where processing is based on consent or contract and carried out by automated means.
- Right to object
  - You can object to the processing of your personal data where we are relying on legitimate interests (including profiling) or where your data is being processed for direct marketing purposes.
- Right to withdraw consent
  - Where we rely on your consent to process personal data (for example, for marketing), you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
- Automated decision-making and profiling
  - You have the right not to be subject to a decision based solely on automated processing, including profiling, where that decision has a legal or similarly significant effect on you.
- Right to complain
  - If you have concerns about how we handle your personal data, you have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. Further information can be found at ico.org.uk.
To exercise any of these rights, please contact us at:
Email: info@medivapharma.co.uk or info@oxygenrx.co.uk
Post: MedivaPharma Limited, Unit 54 Tanners Drive, Blakelands, Milton Keynes, MK14 5BP
How to change your contact preferences
You are always in control of how we contact you. If you have given us consent to receive marketing communications (such as updates, offers, or newsletters), you can withdraw that consent at any time.
You can:
- Click the "unsubscribe" link included in our marketing emails;
- Update your preferences through any account settings we provide; or
- Contact us directly using the details below to let us know your updated preferences.
If you choose to withdraw consent, we will update your records as soon as possible. We may still need to contact you for non-marketing purposes (for example, about an order you have placed, a service you are receiving, or where we are legally required to do so).
To update your contact preferences, please email us at info@medivapharma.co.uk or write to us at:
MedivaPharma Limited
Unit 54 Tanners Drive, Blakelands
Milton Keynes, MK14 5BP