Privacy Policy
Last Updated: January 21, 2025
We are committed to safeguarding your privacy rights and ensuring that your personal data is protected.
This Privacy Notice is applicable to the general processing activities of Superdrug Stores plc.
This Privacy Notice explains the types of personal data we collect and how we process and protect that data in connection with the services we offer. This includes personal data collected offline in our stores or through our customer services, and online through our websites, applications including mobile apps and third-party platforms. If you are also using our Superdrug Mobile services or our Superdrug healthcare services please review Section 5 of this Notice.
Please note that this Privacy Notice may be supplemented from time to time to provide you with information relating to specific and limited processing activities carried out by us (e.g., when we conduct a particular marketing operation around an event). In this case, we will provide you with the necessary supplemental information in a separate and timely manner.
This Privacy Notice may also evolve from time to time, especially when we add new products, services or offers. We will post the updated version of the Privacy Notice here.
We encourage you to visit this page frequently to stay informed.
The capitalized terms used in this Privacy Notice are defined in the “Glossary” section below.
1
WHO IS RESPONSIBLE FOR WHAT HAPPENS WITH YOUR PERSONAL DATA?
Superdrug Stores plc, a member of the ASW Group, (“Superdrug” or “we”) (data controller) is responsible for processing your Personal Data collected on our Sites or offline in our stores.
2
WHO CAN YOU CONTACT IF YOU HAVE ISSUES WITH OUR PROCESSING OF YOUR PERSONAL DATA?
If you have questions in relation to how we process your Personal Data, you can contact our Data Protection Officer via dataprotectionofficer@superdrug.com via our customer service team by contacting them via our online chat options which you can access through our website https://www.superdrug.com/contact or via post at 51 Sydenham Road, Croydon, Surrey, CR0 2EU .
3
WHAT PERSONAL DATA DO WE PROCESS?
Important General Notice: When we collect your Personal Data through forms (online or in-store), we will indicate the mandatory fields via asterisks. According to the principle of data minimization, these mandatory fields only contain information that are necessary for us to provide you with goods and services. We will not be able to provide you with goods and services if you do not fill in these fields.
We may collect the following data either from you directly or from our Third Parties (mentioned under Section 8):
Log Data: Information about the type of browser you use when visiting our Sites, your IP and device address, hyperlinks you clicked, websites you browsed before arriving at our Sites and other information collected by cookies or similar tracking technologies (such as actions taken on our Sites or Third Party Sites, information about how you handle emails you receive from us, unique IDs assigned to you, your browsing behaviour). Your location and information about your mobile device (e.g., the unique identifier for your personalised device), your GPS data or wireless network data. Your username, profile picture, and any other information you choose to share when using Third Party Sites (e.g., when you use the “Like” functionality on your social media account).
Basic Data: Name, title, age, date of birth, gender, password, account age, account number.
Contact Data: Postal address, email address, and phone number.
Purchase Data: Purchases of goods or services you make on our Sites, mobile apps, in-store or in our pharmacies, prices of purchases, order history, return history, payment history, wish lists, invoices. Payment information (i.e., payment method).
Personalization Data: Brands you prefer, products you prefer, your favourite store, answers you provide in surveys or competitions, your shopping habits (such as your preferred shopping channels or your shopping frequency), preferences and information about your lifestyle, your preferred communication channel (such as information on which campaign channel you prefer while engaging with us), your preferences that you share with us by using our online tools or in-store kiosks.
Freeform Data: Any other content / information you provide to us via our Sites including our customer services chatbot, and further information submitted by you in relation to a purchase or service request or other query, including communications with customer services regarding refunds or online purchases and your product reviews that you share with us.
Loyalty Data: Loyalty card member identification number, account status (including your membership date) and details regarding points collected and redeemed.
Sensitive Data: In certain limited circumstances, we may process information about any adverse reaction to a product (this may constitute health data) or diagnostic data (e.g., skin colour, skin condition and skin type for the purpose of providing appropriate products). If we require sensitive information about you, we will inform you about our legal obligations in a transparent manner and ask you for your explicit consent before processing such Personal Data. If you do not provide your explicit consent, we will not process such Personal Data.
VAT Data: For customers who are eligible to VAT-free purchases or VAT / sales tax rebates when visiting the EU as a non-resident visitor: country of residence; passport number.
CCTV Images: Still or video images from security cameras we have in our stores.
Images: Pictures or videos when you make a product review on our website including when you make a claim for bodily injury or reaction to a product. Pictures when you use our beauty tools within In-App features. Pictures or videos when you participate in our games or competitions.
Communications Data: Information about the routing of service, calls and messages you make and receive, the date, time, duration and cost of these, and information about the identity of your device and SIM.
Location Data: Data revealing the geographic location of your device when using our mobile services.
Health Data: Prescription order history, NHS number, information relating to prescription or pharmacy medicines and other medicinal products that you order or are prescribed, information on your healthcare appointments, previous medical information, information on your diagnosis and health test results.
4
FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
Tracking - browsing on our Sites and Third Party Sites
Type of processing
Tracking – browsing on our Sites and Third Party Sites
What category of Personal Data may we process?
Log Data
What is the purpose of the processing?
We (and third-party service providers acting on our behalf or on their own behalf) may use cookies and similar technologies to process data about you when you visit our Sites and Third Party Sites.
On our Sites, such processing has three main purposes:
1. To provide core Site functionalities such as enabling you to browse through our Sites and log in securely, remembering how far you are through an order and using some functions (e.g. the customer service chat) at your request. We call these “Necessary Cookies”.
2. To enhance the performance of our Sites by, for example, using analytic tools to understand more about our visitors, personalise content or engage with you based on your behaviour within our Sites. We call these “Functional Cookies”.
3. To target you with our ads when you browse other sites or social media platforms based on your behaviour on our Sites. For this purpose, we share Site usage information with Third Parties (e.g., advertisers, advertising agencies, advertising networks, data exchanges, etc.) who may set their own cookies outside our Sites and track your online activity across sites for their own purposes. We call these “Advertising Cookies”.
For more specific information about cookies, please see our Cookie Consent Tool:
Third Parties that collect Personal Data on their own behalf are subject to their own processing activities as disclosed in their own privacy policies.
For how long do we store your Personal Data?
Please see our Cookie Consent Tool for more information on the retention of cookies.
What is our legal basis for the processing?
For “Necessary Cookies”: our legitimate interests and the performance of our agreement with you.
For other cookies: your consent when you click “agree” in our Cookie Consent Tool on our Sites.
You can always revisit your cookie preferences via our Cookie Consent Tool or by changing your browser settings.
Creation and management of accounts and loyalty card accounts
Type of processing
Creation and management of accounts and loyalty card accounts
What category of Personal Data may we process?
Basic Data and Contact Data, Loyalty Data (if you are a member of our loyalty program)
What is the purpose of the processing?
We process your Personal Data to allow the creation of your account and/or your loyalty card accounts and to manage your accounts on our Sites.
For how long do we store your Personal Data?
We will keep your Personal Data as long as your account is active and for three (3) years after your Last Activity on your account, unless we are required by law to store it for a longer period (e.g. to reserve the right to retain such data pending legal proceedings, until the statute of limitations has expired).
What is our legal basis for the processing?
We process this information for the performance of our agreement with you.
Online or in-store purchase of goods or services, making of appointments
Type of processing
Online or in-store purchase of goods or services, making of appointments.
What category of Personal Data may we process?
Basic Data, Contact Data, Purchase Data, Loyalty Data, VAT Data (if applicable).
What is the purpose of the processing?
We process your Personal Data to handle your purchases of goods and services in our physical and online stores and, as the case may be, to deliver the products to you as ordered or perform the services that you requested.
For how long do we store your Personal Data?
If you have an account or a loyalty card: we will keep your Personal Data as long as your account or loyalty card is active and for three (3) years after your Last Activity, unless we are required by law to store it for a longer period.
If you check out as a guest, we will retain your data for one year from the date of transaction.
If you do not have an account or a loyalty card: we may collect VAT Data (if applicable) and store it for the period required by law
What is our legal basis for the processing?
We process this information for the performance of our agreement with you.
Direct marketing and suggesting products and services which may be of interest to you.
Type of processing
Direct marketing and suggesting products and services which may be of interest to you.
What category of Personal Data may we process?
Log Data, Basic Data, Contact Data, Purchase Data, Personalization Data, Loyalty Data, Sensitive Data
What is the purpose of the processing?
We process your Personal Data to send you via post, email, newsletter, SMS, push notifications, Whatsapp or phone – details of products, services, special offers, promotions and other information (unless you opt-out of receiving such communications, which you can do at any time).
These communications may contain suggestions of products or services (including those of relevant Third Parties) that we think may be of interest to you.
To determine which products or services you may be interested in, we will process your Personal Data and in particular, your shopping history, your behaviour on our Sites and Third Party Sites, your behaviour when you receive an email from us, and your preferences to include you in segments according to our segmentation strategy.
We will also process your Personal Data to show you targeted content, including online offers and advertisements for products and services that belong to us or Third Parties, which you may see on our Sites or on Third Party Sites via cookies or directly sharing your email address with a transfer method (such as API) (if you have consented to social media targeting). Please note that even if you opt out of cookies, you may still receive advertisements from us that are not customised.
If you agree to the localisation function on your device, and if you are a loyalty card member and have uploaded the electronic card to your wallet, we may process your location data to send you a notification when you are near one of our stores.
For how long do we store your Personal Data?
If you are a loyalty card member or you have an account with us: For three (3) years after your Last Activity with us, unless we are required by law to store it for a longer period.
What is our legal basis for the processing?
If you are a loyalty card member or you have already purchased a product with us, we process this information based on legitimate interests.
In any other case, we will obtain your prior consent.
Surveys
Type of processing
Surveys
What category of Personal Data may we process?
What is the purpose of the processing?
We process your Personal Data to carry out surveys in order to improve our products and services.
For how long do we store your Personal Data?
Until the business purpose is achieved, or as required by law.
What is our legal basis for the processing?
We process this information on the basis of legitimate interests or your consent, as the case may be, and if Sensitive Data is to be collected, on the basis of your explicit consent.
Product Reviews, Product Recommendations and User Generated Content
Type of processing
Product Reviews, Product Recommendations and User Generated Content
What category of Personal Data may we process?
Basic Data, Contact Data, Personalization Data and Freeform Data, Images
What is the purpose of the processing?
We process your Personal Data to manage your reviews and/or recommendations about the products you bought and/or used and/or services you received in order to improve our products and services. Your reviews and/or product recommendations are either directly shared by you in our Sites or provided to other third party websites by you and use the content you have created and/or shared in accordance with the specific terms and conditions accepted by you e.g. to post your review/content and to promote our products. We also process your Personal Data to comply with our legal obligations relating to moderating website content under applicable laws.
For how long do we store your Personal Data?
Until the business purpose is achieved, or as required by law.
What is our legal basis for the processing?
We process this information on the basis of your consent or legitimate interests and to fulfil our legal obligations.
Prize draws, competitions and games
Type of processing
Prize draws, competitions and games
What category of Personal Data may we process?
Basic Data, Contact Data, Personalization Data and Freeform Data, Images (pictures / videos) and any Data provided in the form.
What is the purpose of the processing?
We process your Personal Data to allow you to participate in prize draws, competitions or games, and if you choose to participate, to determine the winner and provide you with any prize you win.
For how long do we store your Personal Data?
For three (3) months after the draw, competition or game is completed, unless we are required by law to store it for a longer period.
What is our legal basis for the processing?
We process this information on the basis of legitimate interests and your consent for the gathering of your Images.
Loyalty points and vouchers
Type of processing
Loyalty points and vouchers
What category of Personal Data may we process?
Basic Data, Contact Data, Purchase Data and Loyalty Data
What is the purpose of the processing?
When you become a member of our loyalty program, we process your Personal Data to calculate and inform you about the points you have collected, and to send you loyalty vouchers and information related to these vouchers (e.g. duration, expiry date etc.).
For how long do we store your Personal Data?
For as long as you are a member of any of our loyalty programs.
If your Last Activity was more than three (3) years ago, we will delete or anonymise your Personal Data, unless we are required by law to store it for a longer period.
What is our legal basis for the processing?
The processing of your Personal Data is necessary for the performance of our agreement with you.
After-sales, customer services and claim management including the use of AI powered chatbots
Type of processing
After-sales, customer services and claim management including the use of AI powered chatbots
What category of Personal Data may we process?
Basic Data, Contact Data, Purchase Data Loyalty Data, Log Data, and Freeform Data
In some very limited cases: Sensitive Data and Images (pictures)
What is the purpose of the processing?
We process your Personal Data whenever you contact us in order to respond to your enquiries and comments, to process potential claims and your data subject rights requests and, as the case may require, to reimburse you.
For how long do we store your Personal Data?
General enquiries and comments relating to service issues, store standards, stock availability, etc.: three (3) years from our last communication with you.
Communications relating to personal injuries, accidents and other health and safety issues may be kept for a longer period in cases of legal claims or settlements.
What is our legal basis for the processing?
The processing of your Personal Data is necessary for the performance of our agreement with you, in our legitimate interest of defending potential legal claims and to fulfil our legal obligations.
Processing of any Sensitive Data will be done with your explicit consent or will be used in evidence for any legal proceedings for the establishment, exercise or defence of any legal claims if the case requires.
Fraud prevention and other regulatory-related purposes
Type of processing
Fraud prevention and other regulatory-related purposes
What category of Personal Data may we process?
Basic Data, Contact Data, Purchase Data, Loyalty Data, Log Data and Freeform Data
In some very limited cases: Sensitive Data and Images (pictures)
What is the purpose of the processing?
We process your Personal Data to comply with our legal obligations, including cosmetics regulations (e.g., we may process certain data concerning your health or symptoms and reactions that you experienced when using our products in order to comply with our cosmetovigilance obligations), data protection regulations and money laundering regulations.
We also process your Personal Data to prevent or detect fraud or other crimes, to verify your identity and credit / payment status, to protect log-in details of loyalty member account holders, to maintain the integrity of the Sites’ hardware and software systems and to fight against counterfeit and selective distribution.
For how long do we store your Personal Data?
We archive your Personal Data for regulatory purposes for the duration of any legal or regulatory actions and legal/regulatory requirements.
What is our legal basis for the processing?
The processing of your Personal Data is necessary for compliance with our legal obligations and / or for our legitimate interests.
Processing of any Sensitive Data will be done with your explicit consent or will be used in evidence for any legal proceedings for the establishment, exercise or defence of any legal claims if the case requires.
CCTV systems
Type of processing
CCTV systems
What category of Personal Data may we process?
CCTV Images
What is the purpose of the processing?
Our stores are equipped with CCTV systems for theft and fraud detection and prevention.
For how long do we store your Personal Data?
The CCTV Images will be deleted after thirty-five (35) days, unless we are required by law to keep them for a longer period, or they are required for any legal actions, in which case the CCTV Images will be stored until the completion of any investigation or action and appeal.
What is our legal basis for the processing?
We process this information where such processing is necessary for compliance with our legal obligations, or on the basis of legitimate interests in monitoring and protecting our stores and employees.
In – store or-app features (including AI powered features)
Type of processing
In – store or-app features (including AI powered features)
What category of Personal Data may we process?
Images, Personalization Data, Sensitive Data (e.g.; diagnostic data such as skin colour, skin condition and skin type for the purpose of providing appropriate products)
What is the purpose of the processing?
We will process your Personal Data to provide you with the requested online / in-store services, or otherwise complete a transaction requested by you, including but not limited to:
- To allow you to use virtual beauty try-on tools;
- To allow you to use skincare analysis tools; and
- To analyze your personal and beauty characteristics so we can recommend the appropriate products and routines.
If you choose to use our in-app selfie filter features, we will process your picture to accommodate your request.
We will ask for your separate permissions for our apps to turn on your camera. If you change your mind later, you will be able to revoke the permissions at any time by changing the settings on your device. Please note that rejecting or switching off these permissions will limit the features you can use in our apps.
You may choose to provide physical / facial characteristics and / or health and medical information in connection with some of our services, such as our skincare analysis tool. If you use one of our beauty try-on tools or beauty filters, we capture the photo / facial image you provide and data obtained or created from your picture (including the automated recognition of various facial landmarks), that might qualify as biometric data or otherwise infer physical characteristics, skin conditions and concerns, or demographic data about you.
We also use face recognition technology already included in your device (e.g., TrueDepth API) to create augmented reality effects within our apps. We do not share this information with any Third Parties and we do not store or process in any other way the data which our apps access and use via this technology.
For how long do we store your Personal Data?
While our app may process pictures at your request, we do not collect or store pictures taken with your phone for your use of our beauty try-on tools.
If you choose to save the results given by our beauty try-on tools in your account, we will keep your results for the period we mention within the notice displayed in the relevant application when you first interact with the application.
What is our legal basis for the processing?
When you use the in-app features, the processing of your Personal Data is also necessary for the performance of our agreement with you.
When you decide to save the results in your profile, we process this information on the basis of your consent, including your explicit consent for the processing of any Sensitive Data you choose to provide.
5
OUR PROCESSING OF PERSONAL DATA FOR ADDITIONAL SUPERDRUG SERVICES
In addition to the above, when you procure additional services from us we also process your following personal data as explained below:
5.1. Superdrug Mobile Services
If you are a customer of our Superdrug Mobile services.
- We process your Basic Data to enabling your online registration and maintaining your account for your use of Superdrug Mobile services;
- We process your Basic Data, Purchase Data and Communications Data to provide you with Superdrug Mobile network services such as activating your SIM, buying a mobile plan and using the mobile network.
- We process your Communications Data to provide “over-the-air” (OTA) services which allows for the downloading of applications, updates, and communications to your SIM to take place remotely.
- We process your Communications Data and Freeform Data to resolve any Superdrug Mobile services related queries made by you.
- We process your Location Data in order to provide location based services requested by you and which may be provided by us or by third parties on behalf of us, or where you request location based services directly from third parties. For example, your Location Data will be transmitted when calling the emergency services from your phone within our coverage area in the UK. However, if you call the emergency services when you’re outside our coverage area in the UK, your telephone number and your Location Data will not be transmitted.
- We process your Basic Data, Contact Data and Purchase Data to to prevent or detect fraud or other crimes, to verify your identity and credit / payment status, to protect log-in details of account holders, to maintain integrity of the Sites’ hardware and software systems. Your Purchase Data may be transferred to payment providers to process your payments or the police for fraud prevention purposes.
Generally, we’ll keep your Communications Data for up to one year. Your account information will be kept after your relationship with us ends to comply with legal and regulatory obligations.
We need your Basic Data, Purchase Data, Communications Data and Freeform Data to process your order or any other service you request from us (performance of a contract).
We share your personal data with our processor, Hutchison 3G UK Limited, for the purposes of providing the Superdrug Mobile network services to you. Please see Hutchison 3G UK Limited’s privacy notice for details on their activities: https://www.three.co.uk/privacy-safety/privacy-policies
5.2. Superdrug Healthcare Services
At Superdrug, we offer you various healthcare services. As a healthcare provider, our services are regulated by General Pharmaceutical Council, Pharmaceutical Society of Northern Ireland, Care Quality Commission and Health Improvement Scotland. You may find below our processing of your data for services where Superdrug Stores Plc act as data controller.
Also, you may access services which are provided by third parties (for example, the Superdrug Online Doctor and Video GP Services). In this instance these third parties will be responsible for your personal data and will act as Data Controller in respect of your personal data.
5.2.1. Superdrug pharmacies (in store and eNHS)
When you are using an in-store pharmacy, when you are using our Superdrug Online Pharmacy services or when you receive your prescription through Superdrug Online Doctor, we process your personal data as explained below:
- We process your Basic Data to enabling your online registration. We keep your personal data as long as you keep using our Superdrug Online Pharmacy services. If after three years, you have no transactions, we delete or anonymize your personal data.
- We process your Basic Data, Health Data and Contact Data to process and deliver your order of the medicines and other medicinal products that you ordered (including your orders through our Superdrug Online Doctor services. In line with the local healthcare regulations, we are required to keep your personal data for 110 years unless there is a specific legal retention period applicable for the services you receive from us.
- We process your Basic Data and Purchase Data to process your payments while ordering. We keep your personal data as long as your account is active and for three (3) years after your Last Activity on your account, unless we are required by law to store it for a longer period.
- We process your Basic Data and Health Data to respond to your enquires and comments. We keep your personal data 3 years from date of enquiry. If your query is related to personal injuries, accidents or other health and safety issues, then we will keep your personal data for 7 years after the date of enquiry.
- We process your Basic Data, Contact Data, Health Data and Purchase Data to prevent or detect fraud or other crimes, to verify your identity and credit / payment status, to protect log-in details of account holders, to maintain integrity of the Sites’ hardware and software systems. We keep your personal data as long as your account is active and for three (3) years after your Last Activity on your account, unless there is an ongoing legal or regulatory action. In this case, we will keep your data for the duration of any legal or regulatory action.
We process your Basic Data, Contact Data and Purchase Data to perform the contract that we have entered into with you and we process your Health Data by obtaining your consent.
In and when the services require, we share your personal data with your doctor and non-medical staff working at or with us as well as with pharmacies (including but not limited to pharmacies operated by us) or hospitals working with us to deliver medical services to you. We also share your personal data with our trusted third parties to allow payment and delivery of the products and services you have ordered and to maintain the IT infrastructure of our site.
In the event we are no longer operating an in-store pharmacy in a particular location and the NHS pharmacy services is being taken over by a new pharmacy provider, we’ll transfer your Health Data to the new provider, to ensure continuity of service.
5.2.2. Superdrug Health Clinics
When you are using our Superdrug Health Clinics services we process your personal data as explained below:
- We process your Basic Data and Contact Data to enabling your online registration. We keep your personal data as long as your account is active and for three (3) years after your Last Activity on your account, unless we are required by law to store it for a longer period.
- We process your Health Data to book and manage your appointments and keep a record of your treatment details that you received. In accordance with local regulations, we will keep your personal data foreight years for audit purposes (for children: until the 25th birthday (or 26th birthday if the patient was 17 years when treatment finished).
We process your Basic Data and Contact Data to perform the contract that we have entered into with you and we process your Health Data on the basis of ‘your consent’.
We also share your personal data with our trusted third parties to allow booking management (including your flu bookings) and to maintain the IT infrastructure of our site. In addition, we work with Thriva Solutions to provide you ‘Blood Testing’ services where they may also process your personal data for their own purposes. In that case, their privacy policy available here https://thriva.co/privacy will apply.
5.2.3. Superdrug Aesthetics Clinics
When you are using our Superdrug Aesthetics Clinics services we process your personal data as explained below:
- We process your Basic Data and Contact Data to enabling your online registration. We keep your personal data as long as your account is active and for three (3) years after your Last Activity on your account, unless we are required by law to store it for a longer period.
- We process your Health Data to book and manage your appointments and keep a record of your treatment details that you received. In line with the local healthcare regulations, we are required to keep your personal data for 110 years unless there is a specific legal retention period applicable for the services you receive from us.
- We process your Basic Data and Health Data to respond to your enquires and comments. We keep your personal data 3 years from date of enquiry. If your query is related to personal injuries, accidents or other health and safety issues, then we will keep your personal data for 7 years after the date of enquiry.
We process your Basic Data and Contact Data to perform the contract that we have entered into with you and we process your Health Data on the basis of ‘your consent’.
We also share your personal data with our trusted third parties to allow payment of the services you have received and to maintain the IT infrastructure of our site.
6
OUR USE OF ARTIFICIAL INTELLIGENCE
How do we use AI Technologies?
On our Sites, we may offer tools and services where we use artificial intelligence (‘AI’) technologies. Our use of AI may include following; AI powered customer services chatbots, beauty consultants, product recommendation tool, website content analyzer etc. In the future, we may add new features with AI to our Sites to provide you a better user experience.
Is usage of AI technologies optional for you?
In most of the cases yes, engaging with AI technologies is optional when we offer additional features to you. You may choose not to use it by not interacting with the service. For instance, if you do not wish to use our AI powered customer services chatbot or product recommender, you may always contact our customer service team via our customer service team by contacting them via our online chat options which you can access through our website https://www.superdrug.com/contact. On the other hand, there may be instances where we use AI technologies for our own legitimate business interests, including use of your collected personal data for improving our own products and services provided to you or recommendations made to you).
How should you use the output given by AI?
When you interact with an AI technology, the accuracy, relevance, adequacy and quality of the interaction may vary while such technology is constantly evolving. The output provided by AI technologies are based on available data and patterns, and they should not be considered a substitute for professional advice or personalized consultations. While we strive to assist you, the ultimate decisions you make based on the AI’s guidance are yours.
What is our purpose and legal basis for processing personal data through AI technologies?
For the purpose of providing services and improving our service quality, and where we monitor and test AI products throughout their lifecycle (including if required by law), we may analyze the data you shared with AI powered features on our Sites. Unless it is not prompted to do so, please do not share any personal data with these AI powered features.
We may also use the Personal Data collected through AI technologies for machine learning and training purposes. We will rely on our legitimate interest to do so.
When we make available to you such AI powered services, we will inform you about our legal obligations in a transparent manner.
If you experience any error while using the AI features, please report this to us by contacting us via dataprotectionofficer@superdrug.com.
7
WHAT HAPPENS IF OUR CUSTOMER IS A CHILD?
Our Sites and our services are intended for persons who are old enough to consent to the processing of their Personal Data under applicable privacy laws. If we, nevertheless, inadvertently and unknowingly collect Personal Data from people below consenting age, their legal representative can exercise their rights on their behalf and by their name at any time.
Note, however, that access to certain parts of our Sites or services (such as obtaining a loyalty card) and / or eligibility to receive prizes, samples or other rewards may be limited to users over a certain age. We may use your Personal Data to carry out age verification checks and enforce any such age restrictions.
8
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We do not transfer or disclose your Personal Data other than to the parties as set out below:
(a) to the ASW Group companies, only when certain services are centralized, for effective management;
(b) to Third Parties (companies or individuals). These providers, which may be: (i) advertising and media consultants; (ii) market research consultants; (iii) providers of technical services (such as website hosting and platform management services); (iv) website designers and developers; (v) cloud computing service providers; (vi) electronic storage providers; (vii) customer services; (x) recruitment agencies; (xi) delivering to retail locations or stores; (xii) payment service providers, to the extent such providers require access to your Personal Data for the performance of their functions/services to us. They may not use your Personal Data for other purposes;
(c) to Third Parties to whom we may choose to sell, transfer or merge parts of our business or our assets;
(d) to governmental agencies and regulators (e.g., tax/government authorities and law enforcement), courts, and external advisors (e.g., lawyers, accountants, insurers, insurance brokers and auditors etc.);
(e) to other parties in order to comply with legal or regulatory requirements or obligations in accordance with applicable laws, court orders or subpoenas or to protect your health and safety in case of an emergency (such as medical emergency) in our stores.
9
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF THE EEA?
Many of our service providers and group companies are based in countries that provide an adequate level of data protection, such as within the European Economic Area (“EEA”) or in the United Kingdom.
When we need to transfer your Personal Data to a ASW Group company or a Third Party based in a country where data protection laws are considered not to offer an adequate level of protection, we ensure appropriate data protection safeguards, such as Standard Contractual Clauses are in place.
For more details on the transfer mechanism, please contact our Data Protection Officer using the details at Section 2.
10
WHAT ARE YOUR RIGHTS?
You have the following rights to the extent provided by the law applicable to you and can exercise these rights by contacting our Data Protection Officer using the details at Section 2:
- to obtain confirmation as to whether or not we process your Personal Data and, where that is the case, to obtain a copy thereof;
- to rectify inaccurate or complete incomplete Personal Data;
- to erase Personal Data including the request to delete your account, in some cases. Please note that this is not an absolute right and we may have legal or legitimate grounds to refuse your request;
- to object to processing when such processing is based on our legitimate interests. We may, however, invoke compelling legitimate grounds to continue processing. You also have the right to object at any time to the processing of your Personal Data for marketing purposes. (To unsubscribe from our marketing communications, you may change your account preferences by logging in to your account, or simply by clicking on the “unsubscribe” link at the bottom of each communication);
- to restrict the processing of Personal Data;
- to receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller (Portability of Personal Data);
- if you have consented to any personal data processing activities, to withdraw this consent at any time for future processing. Such withdrawal will not affect the lawfulness of any processing conducted prior to the consent being withdrawn; and
- to lodge a complaint with the Information Commissioner in the UK (www.ico.org.uk) or the Data Protection Commissioner in the Republic of Ireland (www.dataprotection.ie).
11
GLOSSARY
ASW Group means the A.S. Watson group of companies, which is part of the multinational conglomerate CK Hutchison.
Group Companies means any company of the ASW Group and CK Hutchison and any of its subsidiaries.
Last Activity means th last purchase of our goods or services.
Personal Data means information that can directly or indirectly identify you. This typically includes information such as your name, address, email address, and telephone number, but can also include other information such as IP address, shopping habits, information about health and beauty, and information about your lifestyle or preferences such as your hobbies and interests. Certain information, such as about your health, is classified as “Sensitive Data” and is afforded special protection because of its sensitivity.
Sites means www.superdrug.com and Superdrug mobile app
Third Parties means companies that are not ASW Group companies.
Third Party Sites means the websites, platforms and applications of any Third Party.
