Appendix: Privacy Notice
Let's talk about privacy
At Boots, we believe in making things easy for our colleagues and suppliers. We know there’s nothing more off-putting than the sight of a lot of boring small print, so we’ve written our Privacy Policy to make it clear, simple and easy to read.
The policy explains how Boots uses your personal data, when you are using the Partner Portal and all Applications within the Portal
Our promise to you
Boots is committed to protecting your privacy. We believe in using your personal information to make things simpler and better for you. We’ll always keep your personal information safe and will never sell it to third parties. We’ll be clear and open with you about why we collect your personal information and how we use it. Where you have choices or rights, we’ll explain them to you and respect your wishes. We’ve written this Privacy Policy in plain English to tell you how and why we use your personal information. We hope you’ll find it clear and simple but if you have any concerns or questions please feel free to contact your commercial contact or via this link Contact-us link
- Data we collect about you
Collecting information about you
Please see below examples of personal data collected from you via the Partner Portal and Applications;
- Identity Data includes first name, last name and title.
- Contact Data includes email address (personal and/or business) and landline and mobile telephone numbers (personal and/or business).
- Technical Data includes internet protocol (IP) address log in date and last log in
- Profile Data includes username, organisation
- Usage Data includes information about how you use our Portal and Applications
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service, but we will notify you if this is the case at the time.
- How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- Where we need to report on process compliance.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. If you need details about the specific legal ground please contact us using the details provided above.
|
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
|
To register you as a supplier and process any enquiries you may have. |
(a) Identity (b) Contact |
Performance of a contract with you |
|
To administer and protect our business and Portal including the Portal applications (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity (b) Contact (c) Technical |
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, for the security of our premises and staff)
Necessary to comply with a legal obligation |
|
Notifying you about changes to our terms or privacy policy |
Contact information |
Necessary to comply with a legal obligation |
|
To correspond with you and discuss potential contractual arrangements for the supply of goods and/or services |
Contact information |
Necessary for our legitimate interests (to develop our products and grow our business |
Cookies
We collect the essential minimum cookies to operate the Partner Portal and the applications within it. This includes training functionality to assist users and enhance their experience and ease of use of the applications. In this instance, a unique ID is created for you that cannot be identified back to you as an individual but ensures that mandatory training content is only displayed to you the first time you access the system. If you were to use a new browser or clear cookies you would be assigned a new ID, and this content would be displayed to you again.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, contact us using the details provided.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
3. Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 2 above.
‘We’ or ‘Boots’ means companies within the Walgreens Boots Alliance Group, including subsidiaries, affiliates, joint ventures and franchises. We share your personal information among these companies in order to provide, and keep you informed about our services, to handle any complaints or queries, and to give you the best service we possibly can. You can find out more about the companies in Walgreen Boots Alliance on our website.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
4. International transfers
We share your personal information with companies that provide services on our behalf. We always ensure these companies give your information the same level of care and security we do. If your information is to be sent outside of the UK or EEA (European Economic Area), we make sure it’ll be subject to standards of protection and security that are as high as those Boots uses here in the UK.
We’ll always conduct a full review of our suppliers’ processes and procedures. To ensure adequacy when sending your data outside of the UK and EEA, we put in place contracts based on the Standard Model Contract Clauses to guarantee adequacy, we also use alternative safeguards where Standard Model Contract Clauses are not suitable.
5. Data security
We have put in place appropriate security measures to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Data retention
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Personal data will not be retained for a period greater than ten years.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7. Staying in control of your information: Your rights
We respect the fact that your personal information is your information, and we’ll make it easy for you to update or change your personal details. Please help us to help you by letting us know if your contact details change, or if you spot any errors in the information we hold about you.
What information am I entitled to?
Your data rights are explained below, all of which are free of charge and should be concluded within a 30-day time frame. We may require you to provide identification in order to fulfil your request.
|
Access |
You have a to right to obtain a copy of all the information that Boots holds about you, such as personal details, correspondence, complaints or queries. |
|
Portability |
You can request that Boots moves your data to another service provider. This is not an automatic right; this depends on the type of data that Boots holds about you and the reason Boots process the data. |
|
Processing |
You have a to right to request that Boots stop certain data processing activities that involve your personal data. This isn’t an automatic right, what Boots are able to do will depend on the type of data that Boots hold about you and why |
|
Deletion |
You have a right to request that Boots deletes your personal data it holds. This isn’t an automatic right, what Boots are able to delete will depend on the type of data and the reason for processing. |
About this Policy
Who to contact
For all questions relating to this policy please use this link Contact-us link
Your right to complain to the ICO or DPC
Although we hope it never comes to this, you do have the right to complain to the Information Commissioners Office (ICO) about any of Boots processing activities at casework@ico.org.uk or the Data Protection Commission, if you are in the Republic of Ireland, https://www.dataprotection.ie/en/contact/how-contact-us
Changes to our business
If ownership of all or part of our business changes, or we undergo a reorganisation (including a merger or transfer between Walgreens Boots Alliance companies), we’ll transfer your personal information to the new owner or successor company, so we can continue to provide the services.
Changes to this Privacy Policy
This Privacy Policy was updated in June 2022. We may update it from time to time, so we recommend that you check back here occasionally. If we make changes we think may affect you significantly, we’ll provide you with a prominent notice.
V14.1
.