Privacy Policy

Last updated: 7 March 2026

1. Introduction

This Privacy Policy explains how Prescrivia ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our platform. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.

2. Data Controller

Prescrivia is the data controller for platform data. Independent doctors and pharmacies act as joint or independent controllers for the medical data they process in the course of providing healthcare services.

3. Data We Collect

3.1 Account Data

When you create an account, we collect: name, email address, date of birth, and delivery address.

3.2 Health Assessment Data

When you submit a health assessment, we collect medical information including: current symptoms, medical history, current medications, allergies, and lifestyle factors. This data is classified as special category data under GDPR and receives additional protections.

3.3 Payment Data

We collect payment information necessary to process your transaction. Full payment card details are processed by our PSD2-compliant payment provider and are not stored on our servers.

3.4 Technical Data

We automatically collect: IP address, browser type, device information, and usage analytics to improve our service.

4. Legal Basis for Processing

  • Consent — For processing health data and marketing communications
  • Contractual necessity — For providing our platform services
  • Legitimate interest — For security, fraud prevention, and service improvement
  • Legal obligation — For regulatory compliance and record-keeping

5. How We Use Your Data

  • Facilitating the connection between you and healthcare professionals
  • Processing your health assessments and transmitting them to reviewing doctors
  • Processing payments and managing orders
  • Communicating with you about your assessments and orders
  • Improving our platform and services
  • Complying with legal and regulatory requirements

6. Data Sharing

We share your data only as necessary:

  • Independent doctors — Your health assessment for medical review
  • Licensed pharmacies — Prescription and delivery details
  • Payment providers — Payment processing data
  • Delivery services — Delivery address and tracking

We do not sell your personal data to third parties.

7. Data Security

We protect your data using:

  • 256-bit AES encryption for sensitive data at rest and in transit
  • ISO 27001 certified data centres within the EU
  • Role-based access controls with multi-factor authentication
  • Regular security audits and penetration testing
  • Automatic session timeouts for clinical data access

8. Your Rights

Under GDPR, you have the right to access, rectification, erasure, data portability, restriction, and objection, and the right to withdraw consent.

To exercise any of these rights, please contact us.

9. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations.

10. International Transfers

Your data is stored and processed within the European Economic Area (EEA).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email.

12. Contact

For privacy-related enquiries, email us at support@prescrivia.com or visit our contact page.