RENOMINATE – PRIVACY POLICY
Operated by DHM Digital Limited (Company Number 16953956)
Scope of This Privacy Policy
This Privacy Policy applies to visitors to the Renominate website, pharmacies enquiring about or using the Renominate service, and business contact data relating to pharmacy owners, managers, or authorised staff.
Processing of patient personal data is governed separately by the Data Processing Agreement (DPA) between the pharmacy and Renominate and is not covered in detail by this Privacy Policy.
Processing of Patient Data on Behalf of Pharmacies
Renominate provides services to pharmacies and, in doing so, may process limited patient personal data on behalf of those pharmacies.
In these circumstances:
The pharmacy remains the Data Controller
Renominate acts as a Data Processor, processing data only on the pharmacy’s instruction
Patient data is used solely to confirm whether a prescription nomination change was authorised
Data is not used for marketing, profiling, or competitive purposes
Renominate contacts patients only where authorised by the pharmacy and only to confirm awareness of a nomination change. Communication is neutral, factual, and purpose-limited.
If a patient confirms that a nomination change was authorised, no further processing takes place.
Lawful Basis for Processing
Where Renominate processes patient data on behalf of pharmacies, the lawful basis may include:
The pharmacy’s legitimate interests in identifying unauthorised nomination changes
Patient consent obtained during the confirmation process
Compliance with professional and regulatory obligations
Data Retention
Patient personal data processed as part of the Renominate service is:
Retained only for as long as necessary to fulfil the agreed purpose
Securely deleted or returned in line with contractual and legal requirements
Data Sharing
Renominate does not sell, reuse, or share patient personal data for any unrelated purpose.
Data may be disclosed only where required to support regulatory or professional processes, and only in accordance with applicable law.
In Summary
Renominate does not act independently with patient data
All processing is carried out on behalf of pharmacies
Patient choice and data protection are respected at all times
Personal Data We Collect
We may collect and process the following categories of personal data:
Business and enquiry data, including name, pharmacy or business name, email address, telephone number, and enquiry details.
Website usage data, including IP address, browser type, pages viewed, and cookie-based analytics.
Pharmacy account data, including pharmacy name, address, authorised contact details, service configuration information, and aggregated or anonymised performance reports.
Patient Data
Renominate processes patient data strictly on behalf of pharmacies and only under their documented instructions. Renominate does not determine the purpose or lawful basis for patient data processing.
All patient data processing is governed by the Data Processing Agreement (DPA).
Patients with questions about how their data is used must contact their pharmacy directly, as the pharmacy remains the Data Controller.
How We Use Personal Data
We use personal and business data only to:
Respond to enquiries and requests for information.
Provide access to the Renominate service.
Deliver authorised pharmacy campaigns and services.
Provide reporting, analytics, and service updates to pharmacies.
Maintain service security, integrity, and compliance.
We do not use personal data for unrelated marketing, resale, profiling, or automated decision-making.
Lawful Basis for Processing
Business and enquiry data is processed under legitimate interest or contractual necessity.
The lawful basis for patient data is determined solely by the pharmacy. Renominate acts only as a Data Processor and does not establish lawful basis for patient data.
Data Sharing
We do not sell, rent, or share personal data with third parties for their own purposes.
Where necessary for service delivery, data may be processed by GDPR-compliant infrastructure providers (such as hosting or secure messaging services) acting under strict contractual controls and only on our instructions.
Data Security
We apply appropriate technical and organisational measures to protect data, including encryption, access controls, secure systems, and monitoring.
Detailed patient data security measures are defined in the Data Processing Agreement.
Data Retention
Business and enquiry data is retained only for as long as necessary to fulfil its purpose or meet legal obligations.
Patient data retention and deletion are governed by the Data Processing Agreement and controlled by the pharmacy. Data may be deleted upon request, subject to legal or regulatory requirements.
Your Rights
Depending on your relationship with Renominate, you may have rights including access, rectification, erasure, restriction, and objection.
Patients should contact their pharmacy directly regarding their rights.
Business users may contact Renominate using the details below.
Cookies and Analytics
We use cookies and similar technologies to ensure website functionality and to measure performance and usage. Cookie preferences can be managed through browser settings. A separate Cookie Policy may be provided where required.
Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on the Renominate website.
Contact Information
Renominate
Operated by DHM Digital Limited
Company Number: 16953956
Email: support@dhmdigital.net