Introduction
www.5starpharmacy.com is operated by Elluk Pharmacy Ltd. We are a registered pharmacy located in the tropical islands of Vanuatu. When you shop with us, we need to collect personal information about you in order to prepare your order. This policy is about what we do with your personal information and how we protect it.
We embrace our privacy obligations stipulated in the EU General Data Protection Regulation (GDPR). This is a high standard and, in most cases, exceeds the privacy requirements of other countries.
What is personal data?
The EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an
identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to
an identifier such as a name, an identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that
natural person”.
Why personal information is collected
When you visit our website for the first time, you will be asked if you will accept cookies. These are saved on your
computer in your web browser to help you shop on our site. The cookies are private and are encrypted. We do not
share them with anyone else, and they are no more than helpers for you by noting things such as managing your
session, your preferred currency, your country, and passing information between our web pages as you shop.
Just like any online ordering, we need to know who you are and where we should send your order? So we need the
name of the person placing the order and their address. We also need the name and address of the person we are
sending the order to.
We sell medicine, so we need to know your age, and we collect this as your date of birth. This must be the age of
the person placing the order. We cannot sell medicine to people under 18 years of age. We also need your email
address so we can contact you, and your phone number.
The items you order are specified in your prescription. Your prescription contains information about the person
who will be taking the medicine, such as name, address and date of birth, and the medicines prescribed. We need
this so we can process your order. We will put a copy of the prescription in the parcel when we ship this to
your specified delivery address. When the parcel arrives in your country, the customs department may open your
parcel and read the prescription.
You also provide us with information about your payment. We need that information so we can process your payment.
As your payment will be transferred to our bank in Vanuatu, your payment becomes an international transaction,
and banking regulations require us to identify the source of funds. We will tell the bank(s) and our payment
processor your name, address, date of birth, email address, and the value of your order. They use this
information as part of their legal requirements to be sure you as the payer, are not on any prohibited lists for
money laundering or funding terrorism. Banks are also obligated to follow privacy legislation, and that
information is protected. Sometimes people have names the same as others already listed. In these cases, we may
request additional information from you to prove you are not the same person as on the prohibited list. That
request might be official ID, proof of address, employer details or some other information. We only request this
if the bank asks for it.
Where we need to use a payment processor to process your payment, we provide your payment information to them.
They will use this information to perform credit referencing, and they will decide if they will process your
payment. We do not receive the details have about your credit record other than a pass or decline, so we can
only share the outcome with you.
If there is a problem with your payment, such as deciding to chargeback your payment, or the bank reverses the
transaction, we will contact you to understand and work with you to resolve the problem. If the problem cannot
be resolved and you are in default, we will submit your failed payment information to our credit checking
service. Should you make good on your payment with us at any time, or we agree with you that the returned
payment was justified, then we will promptly advise the credit checking service that you have resolved the
matter with us.
When we maintain and develop our website, we may use trusted outside parties to do this work. They are obligated
to maintain the same privacy requirements should any of your personal information be accessible by them.
When we ship your parcel, we write your delivery details on the parcel, and this is readable by whoever is
delivering it. We also electronically supply this information to the postal service, or CDS (Customs Declaration
System), or the courier company. The electronic submission includes your email address (if you provided one) and
your contact phone number.
Sometimes we use MailChimp to process our emails to you. In those cases, we provide the minimum personal information
possible, so they can email you. MailChimp has published a privacy policy.
How we protect your information
As required by privacy legislation, we are required to keep your information secure, minimise its disclosure to
only parties that need it (as detailed above) and monitor who accesses your information. We do all these things.
When you shop on our site, you secure your account and the information it contains with a password. Your password
is encrypted, and we have no means to view it. We recommend that the password you use is reasonably complex and
unique to our site. If you lose it, you can perform a password reset via a link we email you.
Our websites and systems operate in a PCI/DSS SAQ D compliant environment. This means we have installed the
security measures required in that standard, and we are regularly being tested for compliance by an external
testing agency authorised to do this.
We encrypt specified sensitive data, and in all cases, we record how it is used, shared, and how and when our
staff access it.
Information we collect from you is stored for ten years, and then it is automatically deleted.
When we pass any of your personal information to other parties, we are obligated under GDPR to ensure that the
party has an equivalent privacy policy to give you the required protection as specified in GDPR.
Contacting you
When you shop on our site for the first time, we ask you to select the type of reasons we may contact you. You
can view and change this at any time if you visit the “My Account” page.
We will always contact you for any matters relating to an order you have placed. We may also need to contact you
afterwards regarding successful or unsuccessful delivery, or about your payment. We will contact you immediately
if we have been advised of a product quality problem for something you have purchased.
You can choose to allow us to contact you about important issues, and we recommend you always allow this. We
class important issues not to be advertising, but to be anything relating to our changed contact details,
shipping alerts such as we experienced with COVID-19 or changes in regulations such as privacy policy or
customs.
We ask you separately if we can contact you about promotional information. We use this to provide you with
information that could be of benefit to you, either directly or via social media.
Accessing, correcting and deleting your information
You may at anytime request that we supply you a copy of your personal information we have about you.
You may request us to correct any information we have about you if it is incorrect.
You may also request us to delete your information. For legal requirements, we are unable to delete any
information about your orders for a period of ten years. At that time, it is deleted automatically.
Before we can assist you with these requests, you will need to provide sufficient proof of identity such as
official photo ID and recent proof of address. This is to ensure we are only providing this to you and not
someone else.
How to contact us
If you would like to contact us in regards to our privacy policy, your personal information we have about
you, or to report a data breach, please use the contact information below: