Privacy Policy

Effective date: 05/04/2025

1. Introduction

Welcome to Onlynpharmacy.co.za.

Onlynpharmacy.co.za ("us", "we", or "our") operates https://onlynpharmacy.co.za (hereinafter referred to as "Service").

Our Privacy Policy governs your visit to https://onlynpharmacy.co.za, and explains how we collect, safeguard and disclose information, including sensitive health information, that results from your use of our Service. Protecting your private information, especially your health information, is our priority.

We use your data, including personal and health information, to provide and improve the Service, process your prescriptions, communicate with your healthcare providers, handle billing and insurance, and fulfill regulatory requirements (such as those under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") if applicable). By using the Service, you agree to the collection and use of information in accordance with this policy and applicable health privacy laws. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

Our Terms and Conditions ("Terms") govern all use of our Service and, together with the Privacy Policy, constitute your agreement with us ("Agreements"). Accessing pharmacy services requires the collection and processing of necessary personal and health information.

If you do not agree with (or cannot comply with) these Agreements, then you may not use the Service, as providing pharmacy services is contingent on processing this data. Please let us know by emailing us at privacy@onlynpharmacy.co.za so we can address your concerns. These Terms apply to all visitors, users, patients, and others who wish to access or use the Service.

Your privacy and the security of your health information are critically important to us.

2. Definitions

Service means the https://onlynpharmacy.co.za website operated by onlynpharmacy.co.za.

Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Protected Health Information (PHI) has the meaning given to it under HIPAA and related regulations (if applicable), and generally includes individually identifiable health information related to your past, present, or future physical or mental health condition, the provision of health care to you, or the past, present, or future payment for the provision of health care to you. PHI is a subset of Personal Data in this policy.

Usage Data is data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies are small files stored on your device (computer or mobile device).

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.

Data Processors (or Service Providers) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively. Certain Service Providers who handle PHI on our behalf are designated as Business Associates under HIPAA (if applicable).

Data Subject is any living individual who is the subject of Personal Data.

User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data. In the context of our pharmacy services, the User may also be a patient or a caregiver acting on behalf of a patient.

3. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you, and to fulfill our legal and professional obligations as a pharmacy.

Types of Data Collected

Personal Data and Protected Health Information (PHI):
While using our Service, especially when registering an account, filling prescriptions, or communicating with us, we may ask you to provide us with certain personally identifiable information, including PHI. This information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Date of Birth
  • Full Address (Street, State, Province, ZIP/Postal code, City, Country)
  • Prescription information (medication, dosage, instructions, prescriber details)
  • Medical history, conditions, allergies
  • Insurance information (provider, policy number, group number)
  • Payment Information (credit card details, billing address - often processed by a secure third-party payment processor)
  • Prescribing physician or other healthcare provider information
  • Account login credentials (username, password)

We may use your Personal Data and PHI to contact you with necessary communications regarding your prescriptions, account, treatment, payment, or other information related to the provision of pharmacy services. We will obtain your consent for marketing communications where required by law.

Usage Data:
We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device ("Usage Data").

This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Tracking Cookies Data:
We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information. See Section 11 (Cookies Policy) for more details.

4. Use of Data

onlynpharmacy.co.za uses the collected data, including PHI, for various purposes:

  • To provide and maintain our Service, including dispensing medications accurately and safely.
  • To process and fill your prescriptions.
  • To verify your identity and eligibility for services.
  • To manage your account and provide customer support.
  • To communicate with you regarding your prescriptions, treatment options (as directed by your prescriber), refills, account status, and potential drug interactions or safety information.
  • To communicate with your prescribing physician or other healthcare providers as necessary for your treatment and care coordination (e.g., prescription clarification, refill requests).
  • To process payments for services and prescriptions.
  • To facilitate communication with your insurance provider for billing and coverage determination.
  • To fulfill legal and regulatory requirements, including reporting obligations, audits, and compliance with pharmacy laws and regulations (like HIPAA).
  • To monitor the usage of our Service for security and operational purposes.
  • To detect, prevent and address technical issues or potential fraud.
  • To improve our Service offerings and user experience (often using de-identified or aggregated data).
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information (where permitted by law and separate from essential service/health communications).

5. Retention of Data

We will retain your Personal Data, including PHI, only for as long as is necessary for the purposes set out in this Privacy Policy and to comply with our legal and regulatory obligations. For example, prescription records and PHI must be retained for specific periods mandated by state and federal law (such as HIPAA).

We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws, such as pharmacy record-keeping requirements), resolve disputes, and enforce our legal agreements and policies.

Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Once retention is no longer required, we will take steps to securely destroy or de-identify your information in accordance with applicable laws and our internal policies.

6. Transfer of Data

Your information, including Personal Data and PHI, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data and PHI, to the United States and process it there. Your use of the Service followed by your submission of such information represents your agreement to that transfer, subject to the safeguards described herein.

onlynpharmacy.co.za will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable law. No transfer of your Personal Data or PHI will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information, such as through Standard Contractual Clauses where applicable, or Business Associate Agreements for PHI transfers under HIPAA.

7. Disclosure of Data

We may disclose your Personal Data, including PHI, in the good faith belief that such action is necessary or permitted by law:

  • For Treatment: To your prescribing physicians, other healthcare providers, or other pharmacies involved in your care coordination or transfer of care.
  • For Payment: To insurance companies, pharmacy benefit managers (PBMs), or other third-party payors to determine coverage and obtain payment for your prescriptions.
  • For Health Care Operations: For our own operational needs, such as quality assessment, training, audits, legal services, and business planning, as permitted by law (e.g., under HIPAA).
  • To Service Providers/Business Associates: To third-party vendors who perform functions on our behalf (e.g., data hosting, payment processing, communication services, data analytics, delivery services). We require these parties (especially Business Associates handling PHI under HIPAA) to maintain the confidentiality and security of your information through contractual agreements.
  • To Comply with Law: If required to do so by law or in response to valid requests by public authorities (e.g. a court order, subpoena, regulatory audit, public health reporting). This includes mandatory reporting related to controlled substances where applicable.
  • Business Transaction: If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred, subject to confidentiality protections and compliance with applicable laws regarding PHI transfer.
  • Protection of Rights: To protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with the Service, protect the personal safety of users or the public, or protect against legal liability.
  • With Your Consent: For any other purpose with your explicit authorization or consent.

8. Security of Data

The security of your data, especially PHI, is critically important to us. We implement administrative, physical, and technical safeguards designed to protect your information from unauthorized access, use, or disclosure, consistent with applicable laws like the HIPAA Security Rule. These measures include:

  • Encryption of sensitive data both in transit (e.g., using SSL/TLS) and at rest.
  • Use of secure servers and hosting environments.
  • Access controls to limit personnel access to PHI based on role and need-to-know.
  • Regular security assessments and vulnerability management.
  • Employee training on privacy and security procedures.
  • Use of Business Associate Agreements with third parties handling PHI.

However, remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data and PHI, we cannot guarantee its absolute security. In the event of a data breach involving unsecured PHI, we will provide notification as required by law (e.g., under HIPAA).

9. Your Data Protection Rights

Depending on your jurisdiction (e.g., HIPAA in the US, GDPR in the EU, CCPA in California), you may have certain rights regarding your Personal Data and PHI. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If applicable under laws like HIPAA, your rights regarding your PHI generally include:

  • Right to Access: You have the right to inspect and obtain a copy of your PHI that we maintain in designated record sets (subject to limited exceptions).
  • Right to Amend: If you believe that PHI we have about you is incorrect or incomplete, you may ask us to amend the information. We may deny your request under certain circumstances permitted by law.
  • Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we made of your PHI for purposes other than treatment, payment, or health care operations, or disclosures made with your authorization.
  • Right to Request Restrictions: You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. We are generally not required to agree to your request, except for disclosures to a health plan for payment or health care operations purposes if you have paid out-of-pocket in full for the service or item.
  • Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location (e.g., sending mail to a different address). We will accommodate reasonable requests.
  • Right to a Paper Copy of This Notice: You have the right to a paper copy of this Privacy Policy upon request.

Other rights under GDPR or CCPA (if applicable) may include the right to erasure (subject to legal retention requirements), the right to object to processing, and the right to data portability.

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We may need to verify your identity before responding to such requests. Please note that we may not be able to provide the Service without some necessary data, and legal requirements may prevent the deletion of certain records (like prescription history).

You may also have the right to complain to a Data Protection Authority or relevant regulatory body (like the U.S. Department of Health and Human Services Office for Civil Rights for HIPAA concerns) about our collection and use of your Personal Data.

10. Service Providers / Business Associates

We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), provide the Service on our behalf, perform Service-related services, or assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Where these third parties handle PHI on our behalf (acting as "Business Associates" under HIPAA, if applicable), we enter into legally required contracts (Business Associate Agreements) with them to ensure they appropriately safeguard your information.

Examples include payment processors, data hosting providers, delivery services, and communication platforms.

11. Cookies Policy

We use cookies and similar tracking technologies (like web beacons, pixels, and scripts) to track activity on our Service, hold certain information, enhance functionality, and improve your experience.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.

Examples of Cookies we may use:

  • Session Cookies: We use Session Cookies to operate our Service (e.g., keeping you logged in).
  • Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies: We use Security Cookies for security purposes, like authenticating users and preventing fraudulent use of accounts.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service effectively.

12. Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service, such as Google Analytics.

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

You can opt out of having your activity on the Service made available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visit activity. Link: https://tools.google.com/dlpage/gaoptout

We take steps to minimize the PHI shared with analytics providers, often using only aggregated or de-identified data where feasible for analytics purposes.

13. Children's Privacy

Our Service is generally intended for use by individuals who are at least 18 years old. We do not knowingly collect personally identifiable information directly from children under the age of 13 without verifiable parental or guardian consent, as required by the Children's Online Privacy Protection Act (COPPA) and other applicable laws.

However, we understand that we provide pharmacy services for minors. In such cases, a parent or legal guardian must create the account, provide the necessary information (including the minor's PHI), and manage the Service on behalf of the minor. All information collected about a minor is treated with the same high level of confidentiality and security as adult PHI, in accordance with this policy and applicable laws like HIPAA.

If you are a parent or guardian and you are aware that your child has provided us with Personal Data without your consent (outside the context of you managing their account), please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers or obtain necessary consent.

14. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective date" at the top.

We may also provide notice through email and/or a prominent notice on our Service, prior to the change becoming effective, especially for material changes.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

16. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our privacy practices, please contact us:

  • By email: privacy@onlynpharmacy.co.za
  • By visiting this page on our website: https://onlynpharmacy.co.za/contact
  • By phone number: [Your Phone Number]
  • By mail: [Your Company Name], Attn: Privacy Officer, [Your Full Postal Address]

For specific concerns related to HIPAA (if applicable), you may contact our designated Privacy Officer at the contact information above. You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated.

Legal Disclaimer

This Privacy Policy is provided as a template and for informational purposes only. It does not constitute legal advice. The laws and regulations regarding data privacy and health information (like HIPAA) are complex and vary by jurisdiction. You must consult with a qualified legal professional specializing in health law and data privacy to ensure this policy is accurate, complete, and compliant with all applicable laws and regulations for your specific business operations and location(s). onlynpharmacy.co.za assumes no liability for your use of this template.