Staff Privacy & Data Policy
Last updated: January 2026
⚠️ Important: This policy outlines your responsibilities when handling personal and medical data. Non-compliance may result in disciplinary action and legal consequences.
1. Overview
As a staff member, you will have access to sensitive personal data including names, addresses, medical histories, prescription information, and payment details. This policy explains how you must handle this data in compliance with GDPR and UK data protection laws.
2. Types of Data You May Access
- Personal Data: Names, email addresses, phone numbers, postal addresses
- Medical Data: Health questionnaires, medical histories, prescriptions
- Financial Data: Order values, payment status (not full card details)
- Communication Data: Messages between patients and pharmacists
3. Data Handling Principles
Minimisation
Only access data that is necessary for your specific task.
Purpose Limitation
Use data only for the purpose it was collected.
Security
Never share, export, or store data outside approved systems.
Confidentiality
Never discuss patient information outside of work contexts.
4. Prohibited Actions
The following actions are strictly prohibited and may result in immediate termination and legal action:
- Accessing patient records without a legitimate reason
- Sharing login credentials with others
- Exporting data to personal devices or email accounts
- Discussing patient information on social media
- Taking screenshots of patient data
- Accessing records of family, friends, or celebrities
5. Data Breach Reporting
If you become aware of any actual or suspected data breach, you must report it immediately to the Data Protection Officer:
Email: privacy@rx32.co.uk
Phone: Contact your supervisor
6. Your Data as a Staff Member
Rx32 also processes your personal data as an employee/contractor. This includes your name, contact details, role, and access logs. This data is used for system administration, audit trails, and compliance purposes.
7. Contact
For questions about data protection: privacy@rx32.co.uk
© 2026 Rx32 Ltd. All rights reserved.