Privacy Policy

Last updated: April 2026  ·  Maverick Healthcare Ltd  ·  GPhC No. 9010888

1. Who we are

Maverick Pharmacy is a GPhC-registered distance-selling pharmacy operated by Maverick Healthcare Ltd, based in Birmingham, England. Our superintendent pharmacist is Nafisa Fathma MPharm.

We are the Data Controller for all personal data processed through this website and our pharmacy services.

• Email: info@maverickpharmacy.co.uk
• Phone: 0121 471 2460
• GPhC Registration: 9010888

2. What data we collect

We collect the following categories of personal data:

• Identity data: full name, date of birth
• Contact data: email address, phone number, postal address
• Health data: NHS number, GP details, prescription information, medical conditions, allergies, current medicines, pregnancy/breastfeeding status
• Transaction data: details of medicines ordered and payments made
• Technical data: IP address, browser type, pages visited (via Firebase Analytics)
• Communications data: messages sent via our contact form or live chat

Health data is classified as Special Category Data under UK GDPR and receives the highest level of protection.

3. How we use your data

We use your personal data for the following purposes:

• Dispensing and delivering medicines safely
• Verifying prescription validity with your GP or NHS systems
• Conducting clinical safety checks before dispensing
• Managing your consultation bookings
• Processing payments for private medicines
• Responding to enquiries and providing customer support
• Complying with our legal and regulatory obligations as a GPhC-registered pharmacy
• Preventing fraud and ensuring the safety of medicines sold online

4. Legal basis for processing

• Contract performance — to fulfil your prescription or medicine order
• Legal obligation — to comply with GPhC, MHRA and NHS regulations
• Vital interests — to protect your health and safety
• Explicit consent — for health data where required, which you may withdraw at any time
• Legitimate interests — for fraud prevention and service improvement

5. Who we share your data with

We do not sell your data. We may share it with:

• Your GP / NHS systems — to verify prescriptions and update your medical record
• NHS Electronic Prescription Service (EPS) — for NHS prescription processing
• Delivery partners — name and address only, to fulfil your delivery
• Payment processors (Stripe) — for secure payment processing; Stripe does not receive health data
• Google (Firebase) — for secure data storage and authentication; all data is stored in UK/EU data centres
• Regulatory bodies — GPhC, MHRA or law enforcement where legally required

6. How long we keep your data

• Prescription records: minimum 2 years (GPhC requirement)
• Patient records: 8 years from last contact (NHS standard)
• Financial records: 7 years (HMRC requirement)
• Contact/enquiry data: 12 months
• Website analytics: 26 months

7. Cookies

Our website uses cookies for:

• Essential cookies: keeping you logged in, basket contents
• Firebase cookies: authentication and Firestore real-time data
• Live chat (Tawk.to): chat session management

By continuing to use our website you consent to essential cookies. You can disable non-essential cookies in your browser settings.

8. Your rights under UK GDPR

You have the right to:

• Access — request a copy of the data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — ask us to delete your data (subject to legal retention requirements)
• Restriction — ask us to limit how we use your data
• Portability — receive your data in a machine-readable format
• Object — object to processing based on legitimate interests
• Withdraw consent — at any time, where consent is the legal basis

To exercise any of these rights, contact us at info@maverickpharmacy.co.uk. We will respond within 30 days.

9. How we protect your data

• All data is transmitted over encrypted HTTPS connections
• Health data is stored in Firebase Firestore with role-based access controls
• Only authorised pharmacy staff can access patient records
• Payment data is handled exclusively by Stripe — we never store card details
• Staff receive regular data protection training

10. Complaints

If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113

11. Changes to this policy

We may update this policy from time to time. The date at the top of this page shows when it was last revised. Significant changes will be communicated by email if you have an account with us.