2ML Ltd General Data Protection Policy 2018 - 2024

This Web “Service” is hosted and maintained by 2ML Ltd (trading as 2mlcloud) and is licensed to Cambusbarron Pharmacy

We invite you to read this privacy policy, which explains our approach to privacy and how we treat your information.

This policy applies to all websites that we own, operate or provide and to all “Services” we provide, including our Online Repeats Service and in addition all bespoke online applications developed on behalf of our customers but maintained by 2ML.

To make it easy for you to understand, unless otherwise stated we’ll just call everything we do our “Services”.

When we refer to “we” (or “our” or “us”), we refer to 2ML Ltd operating under any of its Trading names which include “2ML”, “2MLCloud”, “2MLPharmacare”, “2 Minute Learning” and “2ML Online Repeats”.

When we say “Data” we mean information about you which is personal, such as your name, email, address, telephone number, bank account details (if you are a paying customer), payment information, patient information (if you are an online repeats user),support queries, subscription details, web pages you may have visited. The exact type of personal “Data” we collect will be dependant on which of our “Services” you use and how you use them.

For residents of the EU, our Policy is provided in accordance with the requirements of EU General Data Protection Regulation (GDPR) as defined May 2018.

For European Union GDPR purposes 2ML acts as a Data Controller for the “Services” we provide directly to end users and we also act as a Data Processor for “Services” we have developed and which we maintain for our customers who now operate or provide these “Services” to their own end users. These clients or customers are separate legal entities to 2ML from a “Data” Protection perspective and act as Data Controllers in their own right and will have their own “Data” protection policies in place.   

The principles we use to guide us in our approach to “Data” Protection are the same guiding principles we use to direct our approach to business in general and are built upon the following core values.

Openness …………… our ethos is to be open, honest and transparent in all our business dealings.

Responsibility …………. we acknowledge the responsibility we have to protect the interests of all the people whose lives we “touch” as we conduct our business affairs. Put simply we treat others as we would like to be treated ourselves.

Awareness ……………. we recognise that “online” can be a dangerous space and we take both our own security and the security of those who engage with us “online” very seriously. In security terms nothing surprises us and we take nothing for granted.

Fairness ………….. in everything we do and to everyone with whom we engage.

Who is 2ML

2ML Ltd is a technology business incorporated in 2008 and based in Northern Ireland . Our Company is registered with Companies House (Reg No NI 069530) and our correspondence address is 

Blick Studios
51 Malone Road
Belfast
Northern Ireland
United Kingdom
BT9 6RY

We are registered with the United Kingdom Information Commissioner and our “Data” Protection Registration details are :

Organisation name: 2ML LTD – Registration reference: Z2212884

What is 2ML's business

2ML specialise in the Retail Pharmacy sector and provide websites and online “Services” such as our Online Repeats Service to our Pharmacy customers primarily across the UK and Ireland.

Additionally we provide bespoke websites to our customers outside the Retail Pharmacy sector and develop and maintain high quality bespoke online software applications.

Whilst we are considered a micro business entity, 2ML conduct our business affairs globally with business partners in many different countries made possible by our innovative use of Cloud based technologies.

We trade as :

2MLPharmacare – providing Website and online “Services” to Retail Pharmacies

2ML Online Repeats – allowing Pharmacies and their Customers manage repeats medications online

2minutelearning – building online e-learning courses

2MLCloud – developing, hosting & maintaining bespoke websites and cloud based software applications and providing consultancy “Services”

Why 2ML collect “Data” & how we process it

2ML only ever collect and process personal “Data” where there is a legal basis for us to do so and for one of the following reasons (the Why)

  • We have legitimate business interests to process personal “Data” and where our interest to process is not overridden by your individual rights
  • In order to perform a contract with you
  • Where we have a legal obligation to process the “Data”, to exercise or to defend legal claims, or to assist in criminal investigations of a crime
  • Where necessary in the public interest
  • With your consent

 

The way we collect “Data” broadly falls into three categories (the How)

  1. “Data” you provide to us during some form of direct contact between ourselves
  2. “Data” we collect automatically when you use our “Services”
  3. “Data” from third party sources which is available publically or which we get from third parties 
     

“Data” you provide to us

We draw your attention to the following examples of this category of “Data”

  • Information that you volunteer to us so that you can use one of the “Services” we provide
  • Information you provide when you subscribe as a customer to one or more of our “Services”
  • Information you give us so we can provide you with information about our “Services”.
  • Information in support of potential or actual employment
  • Information when you contact us with questions or request support

    ………… and of course this list of examples is not exhaustive, there will be other examples during the legitimate course of our business where we will be provided with “Data” on a voluntary basis.   

 

“Data” we collect automatically

When we collect “Data” automatically this “Data” is collected by using cookies and similar tracking technologies, and is collected when you visit or use our “Services” online.

The following are examples of this category of “Data”

  • When an email is opened or read
  • Visitor’s ip addresses and device types
  • Pages visited, when they were visited and for how long

 

Typically this “Data” is not personally identifiable but if you have voluntarily provided us with particular forms of personal information we may be able to directly associate this online activity to you.

For example if at your request we email you information about our “Services” and you then click links within the email that are tracked, we will know the email has been received as intended, opened and which links have been clicked by you.

You can configure your browser to reject cookies and disable tracking technology, or reject cookies when using our “Services” but doing so may result in a reduced user experience when accessing our “Services” and in some cases may prevent you from using the service at all.

 

“Data” from third party sources

2ML use “Data” from third party sources to supplement or enhance our understanding of other existing “Data”.

For example

  • You may have already supplied us with your address and we may use Map vendors to show us your location on a map, involving the use of map coordinates.
  • You may provide us with your postcode and from that “Data” by using Postcode mapping vendors we can determine your street address or your general location  
  • You may provide us with your email address and using an email verifying service we can verify that we have correctly notated the email address and that it is a valid address
  • We may use search engines to identify businesses of a particular type in a specific location
  • We may use “Data” published on websites or publically available on social media accounts
  • We may use publicly available professional registers to establish your personal registration details  
  • We may use credit reference agencies

 

The “Data” we process includes

  • All the “Data” (aforementioned) that we collect in the legitimate course of our business and in addition
  • “Data” we process but which is collected by those customers acting in their own right as Data Controllers or Data Controllers in common when using 2ML subscription “Services” or operating “bespoke “Services”” which are maintained by 2ML

“Data” collected by third parties & how they process it

2ML may embed content from third parties into web pages within some of the “Services” we offer and the third party may collect “Data” when you visit one of these embedded pages.

This type of “Data” broadly falls into two categories

  • “Data” you provide to the third party during some form of direct contact between you and the third party
  • “Data” collected automatically by the third party when you visit a page which has their content embedded within it.

 

“Data” you provide to the third party

  • You may fill and submit an online form – for example a customer survey
  • You may download and return a form – for example a job application

 

2ML do not collect or process this type of third party “Data”. It will be clear from the form (should you submit or return it) it who the third party is and you must contact the third party “Data” Controller directly when exercising your rights in respect of this “Data”

“Data” collected automatically by the third party

  • You may visit a page with embedded social media content and as a result a “cookie” may be downloaded with the purpose of collecting “Data”
  • You may visit a page with embedded health information and as a result a “cookie” may be downloaded with the purpose of collecting “Data”

 

2ML use cookies to ensure that we give you the best experience when using our Web “Services”. This includes cookies from third party websites where third party content is embedded in a page which you may visit. You will be notified by a Cookie Consent Alert when you visit and by continuing to use the Web “Service”, you agree to their use.

If you do not agree please do not use the “Service”

How we use the "Data" we collect

2ML use the information we hold to assist us when we operate, improve, secure, understand, tailor, support, develop, market or sell the “Services” we provide.

Primarily we use personal “Data” to operate the “Services” we provide and to manage our relationship with subscribing customers.

Additionally we may use personal “Data” when we communicate directly with existing or potential customers, provide or respond to requests for information, give support to users of our “Services”, request feedback, analyse web traffic, conduct market research, market our “Services”.

How 2ML Share and Transfer "Data"

When we refer to “sharing “Data”” we mean giving Third Party access to “Data” we collect or process.

We will never share “Data” with organisations seeking to market third party “Services” directly to you. No one welcomes spam or other unauthorised contact and therefore we will never sell or rent your “Data” to third parties for such purposes, and we will only share it with a third party for the legitimate business purposes described in this policy.

We may share “Data” with Third party service providers where they support delivery of or otherwise provide functionality for users of our “Services”, or to market or promote our goods and “Services” to you and in such cases only with your consent. All Third party service providers are contractually required under their terms and conditions to only use the “Data” they process on our behalf to provide their service to us, and are contractually prohibited from using it for any other purposes.

We may share “Data” in connection with parties involved in any business reorganisation or restructuring such as a sale, merger or acquisition of all or part of our business. You will be kept fully informed of any business reorganisation and you will be entitled to (within your rights) to request that your “Data” is deleted after any such business reorganisation.

We may share “Data” where it is reasonably necessary to; respond to a legal request or comply with a statutory or legal obligation; facilitate ourselves or a third party when detecting, preventing or investigating illegal activity; mitigate the adverse effects of security or technical issues; protect our intellectual rights or property or to protect our commercial rights.

We may share aggregated “Data” which has been compiled from individual “Data” sets (after any personal “Data” has been obfuscated), with Government Agencies and Third Parties we do business with.

"Data" Transfers

When we refer to “transferring “Data”” we mean sending or processing “Data” in a country outside of the United Kingdom or outside the jurisdiction of the European Union.

2ML will always where possible process “Data” within Data Centers located in the European Economic Area (EEA).

Where, for legitimate business purposes, “Data” is transferred and processed outside the EEA, it will only be transferred to countries that have been identified by the EU as providing adequate protection for EEA “Data” and in accordance with EU “Data” protection law or to a third party which is Privacy Shield certified (for transfers to US-based third parties).

2ML will never transfer personal “Data” other than permitted by law, and will take all appropriate steps intended to ensure all “Data” is fully protected whilst being processed outside of the EEA.

Your Rights and Options

Your Rights

If you don’t have a direct relationship with us, but believe that a 2ML subscriber to one of our “Services” has entered your personal “Data” into one of our “Services”, for example the 2ML Online Repeats service, you will need to contact the subscriber (Pharmacy) for any questions you have about your personal “Data” including any request to delete your personal “Data”.

For “Data” that 2ML controls you have rights, for example to

  • Know what personal “Data” we hold about you
  • Ensure “Data” is accurate
  • Request a copy of personal “Data”
  • Restrict what “Data” we process and the way we process it
  • Delete your “Data”

The full rights you are entitled to are regulated and defined by the GDPR Regulations.

We aim to action any reasonable request concerning the personal “Data” we hold about you within a reasonable timeframe not exceeding 30 days.

As a technology company we can best ensure a prompt response to a request when the request is made by email to privacy@2mlcloud.com.

As an environmentally aware business we only fulfil “Data” information requests in an electronic format.

Your Options

Most of the “Data” we hold is based upon legitimate interests for holding the “Data”, for legal reasons or in the public interest however you can still object to this processing in certain circumstances. Unless we have compelling legitimate grounds to continue processing we shall cease processing at your request.

Where we hold your “Data” for direct marketing purposes, you can remove consent by using the unsubscribe link in such communications or changing your account settings.

After making a “Data” Protection request of us, if you believe we have not actioned your reasonable request in a appropriate manner please advise us by email explaining how you feel we could have acted differently or better served your needs, and we will investigate your complaint accordingly.

If you feel we have not responded to your request or have not handled your “Data” in accordance with GDPR Regulations, you can make a formal complaint to the Information Commissioner, whose contact details along with advice on how to voice your concern can be found on the Information Commissioner’s Office Website here.

"Data" Retention

The length of time we keep your “Data” in our server logs, our Databases, our records and within the third party “Services” we use to administer our business or which are essential to the provision of our “Services”, depends on what the “Data” is and whether we have an ongoing business requirement to retain it.

If we don’t have a legitimate business reason to retain your “Data” we will destroy or delete it as soon as it is no longer required.

If we have a legitimate business reason to retain your “Data” such as legal, accounting or for other statutory requirements, we are compelled to retain the “Data” beyond our business relationship, until such times as we are no longer required to do so, at which point we will make sure the “Data” is destroyed or deleted.

"Data" Security

Security of all the “Data” we collect and process, both your “Data” and our own “Data” is an absolute priority for 2ML.

For obvious security reasons we cannot detail the technical and organisational measures we have in place to protect the “Data” but in general terms we widely use the following measures

  • Physical Security (Intruder detection, cameras, high security locks)
  • “Data” Encryption
  • Complex Encrypted Passwords
  • Restricted Password Distribution
  • “Data” Obfuscation
  • Logins restricted by IP
  • Firewall Protection
  • Intrusion Detection
  • 2 Factor Authentication
  • Forced HTTPS

 

Whilst it is our responsibility to protect the integrity of our overall systems, users accessing our “Services” remain responsible for the security of their individual accounts. Please ensure that you keep your password safe, that it is unique and not used on any other online application and do not share it with anyone.

For “Data” protection purposes, where we hold your “Data” as a result of a direct relationship with you we can only fulfill “Data” protection requests originating from an email address that is linked to your account with us.

For “Data” protection purposes, where we hold your “Data” but where there is no direct relationship with you we can only fulfill “Data” protection requests once we are able to verify the identity of the person making the request. Dependant upon the “Data” requested we will take reasonable steps to validate the legitimacy of the request including asking for proof of identity to be provided to us before we release any “Data” or provide details of any “Data” held.

These security policies are necessarily in place to prevent impersonation resulting in a “Data” breach.

Additional information

When you use our “Services” you may come across links to websites and services operated by other organisations. These third parties have their own privacy policies, which will apply to you when you click on the link and access their website or service.

We cannot accept responsibility or liability for such external sites’ privacy and security practices.

We may need to update this policy on occasions. Where a change is material, we’ll make sure we let you know in a manner appropriate to the particular “Service” you are using.

Contact 2ML

It’s always good to talk. If you have a question or comment to make regarding this notice or any of the “Services” we provide, please get in touch.

As a technology company, email is best for us as this ensures that you’re put in contact with the right person, first time.

Please get in touch at privacy@2mlcloud.com for Privacy or “Data” Protection issues.

or

For all other enquiries contact@2mlcloud.com .