At DigiPharma, safeguarding the privacy and security of the information entrusted to us is foundational to our operations. Our platform is designed specifically for pharmacy partners, with patient data accessible only within designated clinical accounts. All patient information is encrypted, securely transmitted, and stored on Amazon Web Services (AWS) infrastructure for a minimum of eight years, or longer if contractually required by the client.
We do not and will never use personally identifiable patient data for any internal, commercial, or marketing purposes. DigiPharma does not contact patients directly. Any communication with patients occurs solely through our platform and under the direct control of the clinical client. Patients are only offered services that you, as the client, have chosen to provide.
We collect only essential, anonymised activity data. This is used to:
- Enhance collaboration with clients
- Optimise user experience
- Improve product performance
- Understand generalised healthcare trends
In collaboration with select third-party partners (e.g., research organisations or healthcare analytics providers), we may use aggregated, fully anonymised data to analyse population-level health trends and demand signals. Under no circumstances is identifiable patient information shared, and no member of our business or commercial teams has access to this data. Access is strictly restricted to authorised personnel within active clinical accounts.
2. Data Security & Compliance
DigiPharma is fully compliant with the General Data Protection Regulation (GDPR). Our security protocols are aligned with Cyber Essentials standards, and we use end-to-end encryption for both storage and transmission of data. Our technical and organisational measures include:
- Role-based access controls (RBAC)
- Audit logging of all data interactions
- Encrypted backups
- Real-time intrusion detection
- Regular security audits and penetration testing
All data is processed in compliance with applicable UK GDPR and Data Protection Act 2018 requirements.
3. Data Protection Principles
We adhere to GDPR's core principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Before any personal data is collected, explicit, informed consent is obtained where required. Data is only processed for specified and legitimate purposes and stored no longer than necessary.
4. Data Subject Rights
We fully support the rights of individuals under GDPR, including the right to:
- Access their data
- Correct or update inaccurate data
- Request deletion (right to be forgotten)
- Restrict processing
- Object to processing
- Data portability
Clients and users may contact us at any time to exercise these rights. We aim to respond to all legitimate requests within 30 days, in line with regulatory requirements.
5. Contact
For data protection inquiries or to exercise your data rights, please contact our Data Protection Officer (DPO):
Email: admin@digipharma.co.uk
ICO Registration Number: ZB722243
DPO: Craig Murdoch