Privacy Policy

    How we collect, use, and protect your personal information — in accordance with UK GDPR and the Data Protection Act 2018.

    UK GDPR Compliant

    We process your data in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018.

    Secure & Confidential

    All health records are stored securely with NHS-grade confidentiality standards.

    No Data Selling

    We never sell or commercially share your personal information with third parties.

    Your Rights Protected

    You have full rights to access, correct, and request deletion of your data.

    Last Updated: March 2026

    This policy applies to Gloucester Travel Clinic, operated by Brookfield Pharmacy and Hucclecote Pharmacy. It explains your rights and our obligations under UK GDPR, the Data Protection Act 2018, and relevant NHS and GPhC guidance.

    1. Who We Are

    Gloucester Travel Clinic is operated by Brookfield Pharmacy (GPhC registration: FGQ38) and Hucclecote Pharmacy (GPhC registration: FG509), collectively referred to as 'we', 'us', or 'our' in this Privacy Policy.

    We are the data controllers for the personal information we process in connection with our travel health and pharmacy services. We are registered with the Information Commissioner's Office (ICO) as required under UK GDPR and the Data Protection Act 2018.

    Our registered pharmacies are located at 5 Brookfield Road, Hucclecote, Gloucester, GL3 3HA and 7 Glenville Parade, Hucclecote, Gloucester, GL3 3ES.

    2. Information We Collect

    We collect and process the following categories of personal information when you use our services:

    Identity and contact information: your full name, date of birth, address, telephone number, and email address.

    Health information (special category data): your medical history, current medications, allergies, vaccination records, travel itinerary details, and any relevant health conditions required to provide safe and appropriate travel health advice, vaccinations, and prescription medicines.

    Payment information: billing details necessary to process payments for private services. We do not store full card details; payments are processed securely by our payment provider.

    Website usage data: when you visit our website, we may collect anonymised technical data such as your IP address, browser type, and pages visited through cookies and analytics tools. This data does not identify you personally.

    Communications: records of correspondence, consultation notes, and enquiries you submit through our website, by telephone, or in person.

    3. How We Use Your Information

    We use your personal information for the following purposes:

    To provide healthcare services: processing your personal and health information is necessary for the provision of medical care, including travel health consultations, administration of vaccines, prescribing antimalarials, and dispensing medication. The legal basis is Article 9(2)(h) UK GDPR — processing for the purposes of preventive or occupational medicine and the provision of health care.

    To manage appointments and communications: confirming, amending, or cancelling bookings and sending relevant health reminders. Our legal basis is contract performance and legitimate interests.

    To fulfil legal and regulatory obligations: as GPhC-registered pharmacies, we are required by law to maintain accurate dispensing and prescribing records, report to NHS England where applicable, and comply with professional guidance from organisations such as NaTHNaC, MHRA, and Public Health England.

    To process payments: where services are chargeable, we process billing information on the basis of contract performance.

    To improve our services: anonymised and aggregated data may be used to analyse and improve the quality of our services. No identifiable data is used for this purpose.

    4. Sharing Your Information

    We do not sell your personal data. We may share your information only in the following circumstances:

    With your GP or other healthcare providers: where clinically appropriate, we may share relevant vaccination records or health information with your registered GP. We will inform you when this is relevant.

    With NHS systems and bodies: as NHS-commissioned pharmacies, we may be required to share data with NHS England, NHS Business Services Authority (NHS BSA), or Public Health England for commissioning, reporting, or public health surveillance purposes.

    With our service providers: we may engage trusted third-party processors (such as our booking system, appointment reminder service, or website hosting provider) who process data strictly on our behalf and under contract, in compliance with UK GDPR.

    When legally required: we will disclose information when legally obligated to do so, such as in response to a court order, safeguarding concerns, or a formal regulatory request.

    We require all third parties to respect the security of your data and to treat it in accordance with applicable data protection law.

    5. How Long We Keep Your Data

    We retain personal data only for as long as necessary for the purposes described in this policy and in accordance with NHS and GPhC record retention guidelines.

    Patient health records (including vaccination and consultation records): retained for a minimum of 8 years from the date of last treatment in line with NHS guidance, or until the patient's 25th birthday if the record relates to a child.

    Prescription and dispensing records: retained for 2 years in accordance with Medicines Act requirements.

    General enquiry and contact data: retained for up to 12 months after last contact, unless a longer retention period applies.

    Financial records: retained for 6 years in accordance with HMRC and Companies Act requirements.

    After the applicable retention period, data is securely deleted or anonymised.

    6. Your Rights Under UK GDPR

    As a data subject under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

    Right of access: you may request a copy of the personal data we hold about you (Subject Access Request). We will respond within one calendar month.

    Right to rectification: you have the right to request correction of inaccurate or incomplete personal data.

    Right to erasure ('right to be forgotten'): you may request deletion of your data where we no longer have a lawful basis to retain it. Note that health records subject to statutory retention obligations cannot always be deleted on request.

    Right to restriction: you may request that we limit how we use your data in certain circumstances.

    Right to data portability: where processing is based on consent or contract performance, you may request a structured, machine-readable copy of your data.

    Right to object: you may object to processing based on legitimate interests or for direct marketing purposes.

    Rights related to automated decision-making: we do not make solely automated decisions that have a significant effect on you.

    To exercise any of these rights, please contact us using the details in section 9. We will respond within one month of receiving your verified request. You will not be charged for making a request unless requests are manifestly unfounded or excessive.

    7. Data Security

    We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your information against unauthorised access, disclosure, alteration, or destruction.

    These measures include: role-based access controls, encrypted storage of electronic records, secure NHS mail for health-related email communications, password-protected systems, and staff training on data protection and confidentiality obligations.

    In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform affected individuals without undue delay.

    8. Cookies and Website Analytics

    Our website uses cookies to improve your browsing experience and to analyse how visitors use the site. Cookies are small text files placed on your device.

    Essential cookies: necessary for the website to function correctly. These cannot be disabled.

    Analytics cookies: we use anonymised analytics tools (such as Google Analytics) to understand how our website is used. No personally identifiable information is collected through these cookies. You may opt out of analytics cookies via your browser settings or our cookie consent banner.

    We do not use advertising or tracking cookies.

    9. Contact Us & How to Complain

    If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have a concern about how we handle your data, please contact us:

    Brookfield Pharmacy: 5 Brookfield Road, Hucclecote, Gloucester, GL3 3HA · Tel: 01452 618377 · Email: pharmacy.FGQ38@nhs.net

    Hucclecote Pharmacy: 7 Glenville Parade, Hucclecote, Gloucester, GL3 3ES · Tel: 01452 616906 · Email: pharmacy.FG509@nhs.net

    If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection:

    ICO Helpline: 0303 123 1113 · Website: www.ico.org.uk · Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

    10. Updates to This Policy

    We review and update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or regulatory guidance.

    The current version will always be available on this page. Material changes will be communicated to patients with active records where required by law.

    This Privacy Policy was last updated in March 2026.

    Have a data protection question?

    Our team is happy to help with any questions about your personal data or rights.