Privacy Policy
Your privacy is important to us. Learn how we collect, use, and protect your personal information.
Last Updated: January 1, 2025
1. Introduction
This Privacy Policy explains how O'Sullivan's Pharmacy Group Limited ("we", "our", or "us") collects, uses, stores, and protects your personal data when you interact with our services, including our online billing portal powered by Alphalake and payment services powered by Dojo.
We are committed to safeguarding your privacy and ensuring compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Data Protection Act 2018 (Ireland), and applicable healthcare data protection standards.
2. Who We Are
Data Controller:
O'Sullivan's Pharmacy Group Limited
King's Island, Island Road,
Limerick, V94 T2RF,
Ireland
Email: niall@osullivanspharmacy.com
Phone: +353 61 445050
Data Protection Officer:
Niall O'Sullivan
Email: niall@osullivanspharmacy.com
Phone: +353 61 445050
3. What Data We Collect
We may collect the following categories of personal data:
- Identification Data: Name, contact details (email, phone), address
- Billing Information: Payment history, invoice references
- Health Service Context: Pharmacy name, service interactions
- Technical Data: IP address, browser type, usage logs when using our billing portal
- Payment Details: Cardholder name, masked card data (collected securely via Dojo)
We do not collect or store full payment card details. All payment transactions are processed via Dojo, a PCI DSS-compliant provider.
4. How We Use Your Data
We process your data for the following lawful purposes:
| Purpose | Legal Basis |
|---|---|
| Managing billing and payments | Contractual necessity |
| Providing customer support | Legitimate interest |
| Compliance with legal obligations | Legal obligation |
| Preventing fraud or misuse | Legitimate interest |
5. Third-Party Services
We share your data only with trusted third parties where necessary:
- Dojo (Payments): For processing secure payments
- Alphalake AI and Services (IT & Hosting Partner): For development, maintenance, and secure hosting of the billing portal
- Regulatory Bodies: When required by law (e.g. HSE, Revenue, Data Protection Commission)
All processors are bound by data processing agreements and are compliant with GDPR.
6. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
Encrypted communication via HTTPS
Role-based access controls
Secure cloud infrastructure
Regular data protection assessments
7. Data Retention
We retain personal data only as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. Typically, billing data is retained for 7 years for financial recordkeeping.
8. Your Rights Under GDPR
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase data ("right to be forgotten")
- Restrict or object to processing
- Port your data to another service
- Lodge a complaint with the Data Protection Commission (DPC)
You can contact the DPC via: https://www.dataprotection.ie/
9. International Transfers
We do not transfer your personal data outside the European Economic Area (EEA). If this ever becomes necessary, we will ensure appropriate safeguards (e.g. SCCs or adequacy decisions) are in place.
10. Cookies & Analytics
Our billing portal may use essential cookies for security and functionality. We do not use third-party marketing or profiling cookies.
11. Contact Us
If you have questions about this Privacy Policy or your personal data, please contact us at:
O'Sullivan's Pharmacy Group Limited
King's Island, Island Road,
Limerick, V94 T2RF,
Ireland
Email: niall@osullivanspharmacy.com
Phone: +353 61 445050
Need Help?
If you have any questions about our privacy practices or need assistance with your data rights, we are here to help.
Access Your Portal