Privacy Policy

Last updated: 7 March 2026

1. Introduction

This Privacy Policy explains how Prescrivia ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our platform. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.

2. Data Controller

Prescrivia is the data controller for platform data. Independent doctors and pharmacies act as joint or independent controllers for the medical data they process in the course of providing healthcare services.

3. Data We Collect

3.1 Account Data

When you create an account, we collect: name, email address, date of birth, and delivery address.

3.2 Health Assessment Data

When you submit a health assessment, we collect medical information including: current symptoms, medical history, current medications, allergies, and lifestyle factors. This data is classified as special category data under GDPR and receives additional protections.

3.3 Payment Data

We collect payment information necessary to process your transaction. Full payment card details are processed by our PSD2-compliant payment provider and are not stored on our servers.

3.4 Technical Data

We automatically collect: IP address, browser type, device information, and usage analytics to improve our service.

4. Legal Basis for Processing

  • Consent — For processing health data and marketing communications
  • Contractual necessity — For providing our platform services
  • Legitimate interest — For security, fraud prevention, and service improvement
  • Legal obligation — For regulatory compliance and record-keeping

5. How We Use Your Data

  • Facilitating the connection between you and healthcare professionals
  • Processing your health assessments and transmitting them to reviewing doctors
  • Processing payments and managing orders
  • Communicating with you about your assessments and orders
  • Improving our platform and services
  • Complying with legal and regulatory requirements

6. Data Sharing

We share your data only as necessary:

  • Independent doctors — Your health assessment for medical review
  • Licensed pharmacies — Prescription and delivery details
  • Payment providers — Payment processing data
  • Delivery services — Delivery address and tracking

We do not sell your personal data to third parties. We do not share your data for marketing purposes without your explicit consent.

7. Data Security

We protect your data using:

  • 256-bit AES encryption for sensitive data at rest and in transit
  • ISO 27001 certified data centres within the EU
  • Role-based access controls with multi-factor authentication
  • Regular security audits and penetration testing
  • Automatic session timeouts for clinical data access

8. Your Rights

Under GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate personal data
  • Erasure — Request deletion of your personal data (subject to legal retention requirements)
  • Data portability — Receive your data in a structured, machine-readable format
  • Restriction — Restrict how we process your data
  • Objection — Object to certain processing activities
  • Withdraw consent — Withdraw consent at any time without affecting prior processing

To exercise any of these rights, please contact us.

9. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Medical records may be retained for the period required by applicable healthcare regulations. When you request deletion, we process it within 30 days, subject to legal retention requirements.

10. International Transfers

Your data is stored and processed within the European Economic Area (EEA). We do not transfer personal data outside the EEA unless required and only with appropriate safeguards in place.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email. The date at the top of this page indicates when it was last updated.

12. Contact

For privacy-related enquiries or to exercise your data rights, email us at support@prescrivia.com or visit our contact page.