PRIVACY POLICY
Last Updated: 17/02/2026
PharmacyIQ is a product developed and operated by IntelligentQ Limited (“PharmacyIQ”, “we”, “us”, “our”).This Privacy Policy describes how we collect, use, store, disclose, and protect personal data in connection with:
Our public website
Early access and commercial enquiries
The PharmacyIQ software platform (when deployed)
Integration services, including NHS-connected workflows
Ongoing customer relationships
We are committed to compliance with:
The UK General Data Protection Regulation (“UK GDPR”)
The Data Protection Act 2018
Applicable NHS information governance requirements
Relevant professional and regulatory standards applicable to pharmacy operations
1. DATA CONTROLLER AND PROCESSOR STATUS
For personal data collected through this website and for commercial engagement purposes, IntelligentQ Limited acts as the Data Controller.
Where PharmacyIQ is deployed within a pharmacy environment and processes personal data, including prescription or patient-related data, the relevant pharmacy organisation acts as the Data Controller and PharmacyIQ acts as a Data Processor strictly in accordance with documented instructions and a written Data Processing Agreement.
PharmacyIQ does not determine the purposes or legal basis for the processing of patient prescription data.
2. PERSONAL DATA WE COLLECT
The categories of personal data processed depend on the nature of interaction with PharmacyIQ.
2.1 Website Visitors
When you access or interact with our website, we may process:
Name
Organisation or pharmacy name
Email address
Telephone number (if voluntarily provided)
IP address
Browser type and version
Device identifiers
Usage data, including page visits and interaction data
This information is collected when you submit contact forms, register interest, or interact with website functionality.
2.2 Prospective Customers
During commercial discussions or early access engagement, we may process:
Business contact information
Pharmacy operational details
Branch count and deployment scope
Information relating to current pharmacy systems
Records of correspondence and meetings
This information is necessary for evaluating suitability, onboarding planning, and managing pre-contractual discussions.
2.3 Customer Account Data (Platform Context)
If your organisation subscribes to PharmacyIQ, we may process:
User names
Professional roles and permissions
Authentication credentials (securely stored or hashed as appropriate)
Access logs and user activity logs
System configuration data
Such processing supports secure authentication, role-based access control, and regulatory audit requirements.
2.4 Pharmacy Operational Data
Where PharmacyIQ is deployed within a pharmacy environment, we may process operational data including:
Product master data (including dm+d codes or equivalent identifiers)
Stock records
Batch numbers
Expiry dates
Supplier details
Stock movement logs
Dispensing workflow metadata
NHS integration transaction logs
To the extent that prescription or patient-identifiable information is processed, such processing is performed solely as a Data Processor under the instructions of the pharmacy.
3. SPECIAL CATEGORY DATA
Certain pharmacy workflows may involve health-related information, which constitutes Special Category Data under UK GDPR.
Where such data is processed through the PharmacyIQ platform:
Processing is carried out solely on behalf of the pharmacy acting as Data Controller
Processing is limited to what is necessary to provide contracted services
Appropriate technical and organisational measures are implemented
Data Processing Agreements govern the relationship
PharmacyIQ does not intentionally collect Special Category Data via its public website.
4. PURPOSES OF PROCESSING
We process personal data for the following purposes:
Responding to enquiries and managing early access interest
Conducting pre-contractual commercial discussions
Providing, operating, and maintaining the PharmacyIQ platform
Implementing secure authentication and access control mechanisms
Maintaining structured audit logs for accountability and traceability
Facilitating authorised integration with NHS systems
Monitoring system performance and security
Preventing fraud, misuse, or unauthorised access
Complying with legal and regulatory obligations
Personal data is not processed for unrelated marketing or resale.
5. LAWFUL BASES FOR PROCESSING
We rely on the following lawful bases under UK GDPR:
Consent — where individuals voluntarily provide contact details and opt in to communications.
Legitimate Interests — for responding to enquiries, ensuring system security, and improving service quality.
Contractual Necessity — where processing is required to perform contractual obligations with customers.
Legal Obligation — where regulatory or statutory requirements require data retention or disclosure.
Where PharmacyIQ acts as Data Processor, the lawful basis for processing patient data is determined by the relevant pharmacy Data Controller.
6. DATA RETENTION
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.
Website enquiry data may be retained for up to 24 months unless deletion is requested.
Customer account and operational data retention is governed by contractual agreements and regulatory requirements applicable to pharmacy record-keeping.
Audit logs may be retained in accordance with compliance expectations and professional standards.
Upon termination of services, data handling and deletion procedures are governed by contractual terms.
7. DATA SECURITY
We implement appropriate technical and organisational measures to ensure the security of personal data, including:
Encrypted transmission of data using secure protocols (e.g., TLS)
Role-based access control restricting user access to necessary functions
Authentication safeguards
Structured audit logging of user activity
Logical segregation of customer environments (where applicable)
Monitoring of system access and anomaly detection
Secure cloud hosting infrastructure
Security controls are reviewed periodically to ensure continued effectiveness.
8. DATA SHARING AND DISCLOSURE
We may share personal data with trusted third-party service providers who support:
Cloud hosting and infrastructure
Email communications
Monitoring and system diagnostics
Analytics services
All third-party providers are subject to contractual obligations requiring confidentiality and appropriate data protection safeguards.
We may disclose personal data where required by law or regulatory authority.
We do not sell personal data.
9. INTERNATIONAL TRANSFERS
Where personal data is transferred outside the United Kingdom, appropriate safeguards are implemented, including:
Standard Contractual Clauses
Transfers to jurisdictions recognised as providing adequate protection
We ensure that international transfers comply with applicable data protection laws.
10. DATA SUBJECT RIGHTS
Under UK GDPR, individuals have the right to:
Request access to personal data
Request correction of inaccurate or incomplete data
Request erasure where applicable
Request restriction of processing
Object to processing where lawful basis is legitimate interest
Request data portability where applicable
Requests may be submitted to privacy@pharmacyiq.co.uk.
Where PharmacyIQ acts as Data Processor, requests concerning patient data should be directed to the relevant pharmacy Data Controller.
Individuals have the right to lodge a complaint with the
Information Commissioner's Office.
11. AUTOMATED DECISION-MAKING
PharmacyIQ does not engage in automated decision-making that produces legal or similarly significant effects without human involvement.
Forecasting or analytical features within the platform are intended to support operational decision-making and do not replace professional clinical judgment.
12. DATA BREACH RESPONSE
In the event of a personal data breach, we will:
Investigate the incident without undue delay
Notify affected customers where required
Notify relevant supervisory authorities where legally required
Take remedial steps to mitigate risk
Incident response procedures are maintained internally.
13. CHILDREN’S DATA
The PharmacyIQ website and platform are not directed at individuals under 16 years of age.
We do not knowingly collect personal data from children via our public website.
14. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically to reflect:
Changes in legal requirements
Changes in product functionality
Changes in integration scope
Improvements in security practices
The current version will always be published on our website.
15. CONTACT
For any privacy-related enquiries, please contact:
