Who are we?
We are Fill Function UK Ltd of 12 New Fetter Lane, London, United Kingdom, EC4A 1JP. We are the data controller of your personal data when you use the Juniper platform and our online pharmacy service. Our pharmacy is registered with the General Pharmaceutical Council, registration number 9011842. We are an affiliate of Juniper Technologies UK Limited.
Why are you reading this?
This privacy notice describes how we, as a controller, protect personal data and respect privacy in accordance with data protection law, including the UK General Data Protection Regulation ("UK GDPR").
The Juniper platform connects customers with registered prescribing pharmacists that we have partnered with ("Prescribers"). Please note that Prescribers shall be separate and independent controllers of your personal data from us, and shall process personal data in accordance with their own privacy processes and practices.
Does it apply to you?
Whether you are using the Juniper platform and services (including the mobile app) as a customer or are just visiting the Juniper website (https://myjuniper.co.uk/), this privacy notice applies to you. For the purposes of this privacy notice, customers also include potential customers who have started (but not finished) the online questionnaire on the Juniper website. This privacy notice also applies to you if you or your employer has a business relationship with us.
Please take a moment to read it!
How do we collect your personal data?
From the first moment you interact with Juniper, we are collecting your personal data. Sometimes you voluntarily provide us with personal data, sometimes personal data about you is collected automatically, and sometimes we collect it from third parties, including our Prescribers. How we collect your personal data will usually depend upon our relationship with you (and we have provided some examples below).
What personal data do we collect?
We may collect some or all of the personal data listed below depending upon our relationship with you:
How and why do we use your personal data?
Data protection law requires that we only use your personal data for purposes that we tell you about and where we have a legal basis to do so. Here are the purposes and legal bases for which we process the personal data talked about above:
To provide our services to you: To offer and provide you with our weight management-related services; to register you with a Juniper account; to connect you to Prescribers; to run our online health community and provide you with advice and content.
- Legal basis for this data usage: Contract, Consent (for use, and sharing, of your health data)
To fulfil your orders: For our pharmacy to process your orders, dispense your prescription and supply or transfer your medication to you.
- Legal basis for this data usage: Contract, provision of health treatment
To provide you with and run our online community: to provide you with access to our online community, and access to health coaches and weight management-related content and advice.
- Legal basis for this data usage: Legitimate interests, Consent (health data)
To communicate with you: To communicate with you about our services or goods (including to tell you when you have a new message from your Prescriber and send you reminders of this), to provide you dispatch and track information, to manage returns and exchange authorisations, to provide customer support and/or to answer any queries you have asked us.
- Legal basis for this data usage: Contract, Legitimate interests (to administer our business)
To send you marketing that you have asked us to or we think you will like: To send you marketing or promotional information; to send you reminders about services or products that you have expressed an interest in. Where you have consented, we may also use your health data to send you marketing information that is tailored to you or we think could be of interest to you.
- Legal basis for this data usage: Consent, Legitimate interests (to send marketing communications to potential customers or customers where we are allowed to)
Seeing adverts for Juniper online: We use online advertising to keep you aware of what we are offering and to help you see and find our products and services. How we use your personal data to do this is further described in the relevant section below.
- Legal basis for this data usage: Legitimate interests (to use your personal data to help us serve relevant advertisements where we are allowed to)
To improve Juniper: To improve Juniper or any of Juniper's brand group companies’ products and services, including analytics, research and development or to otherwise manage our business, and including our website.
- Legal basis for this data usage: Legitimate interests (to improve our business); Consent
To enable us to comply with the law: To comply with any legal or regulatory obligations or requirements that apply to us, including carrying out any identity (anti-fraud) checks that we are required to undertake or to comply with any record-keeping requirements that apply to us.
- Legal basis for this data usage: Legal obligation
To manage our business relationships: To manage the contract or business relationship we either have with you or your employer.
- Legal basis for this data usage: Legitimate interests (to manage our contracts and business relationships)
To enforce our rights where needed: To seek professional advice, to enforce or protect our rights, to establish and defend legal claims; to conduct investigations or take action in relation to crime and fraud prevention, risk management, and violation of our terms and conditions for services.
- Legal basis for this data usage: Legitimate interests (enforcing or protecting our legal rights)
More information on what these legal bases mean
- Contract: Processing your personal data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract. For example, we need to process your personal data (contact details, billing information) in order to provide you with any products that you have purchased.
- Consent: We ask for your consent to process your personal data in certain circumstances. We provide further details on this below.
- Provision of healthcare: Processing your data is necessary for the provision of health treatment being processed by or under the responsibility of a health professional, which includes pharmacists and pharmacy technicians. We rely on this legal basis where we process your information where you use our online pharmacy services and purchase from us prescription-only medicine.
- Legitimate interests Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. Our legitimate interests are listed above.
- Legal obligations Processing your data is necessary for us to carry out our obligations under applicable law. For example, to carry out identity checks to comply with anti-fraud rules in the UK when you make a purchase from us.
We obtain your consent in order to collect and share (including with Prescribers) any of your health data provided as part of the online questionnaire. You provide this consent when you start the quiz and provide us with answers to the questions. However, it is important that you understand that when you purchase any medications from our pharmacy, we rely on the different legal basis of ‘provision of healthcare’, as described above, in order to fulfil that prescription.
We also seek your consent to use your personal data to personalise any marketing that we may send you in accordance with this Privacy Notice.
You have the right to withdraw your consent at any time.
Under UK data protection legislation, we usually need your opt-in consent to send you any direct marketing messages. However, in certain circumstances we are permitted to send you marketing messages without your opt-in consent in relation to products and services which are similar to those which you have already purchased, used or interacted with. This is known as ‘soft consent’. This means we may send you messages on similar services and products even where you have not provided any ‘opt-in’ consent, but you can always ‘opt-out’ of receiving these marketing messages at any time.
If we want to send you any marketing messages that are beyond the scope of similar services and products, we will always obtain your opt-in consent.
We may also send you marketing messages which are relevant to you based on your health data, but only where you have consented to your health data being used in this way.
You can opt out of receiving some or all marketing messages at any time, including any marketing messages we send where we rely on ‘soft consent’, if you do not wish to receive these from us. You can do so by following the unsubscribe link included in the marketing message or by contacting our Privacy Team (see ‘Contact Us’ below).
You may see Juniper banners and ads when you are on other websites and apps, such as social media. We manage this through a variety of digital marketing networks and ad exchanges, and use a range of advertising technologies.
We use tools of social media platforms to advertise our products and services (e.g. Facebook Custom Audience). We use these tools to match information that we hold with personal data in their database to create custom audiences and tailor advertising to your interests on the internet, including social media, as permitted by applicable law. Some of this is done through ‘re-targeting’, which displays advertisements relevant to Juniper products and services you have previously viewed on our website. For example, we may provide email addresses, that we obtained from you (e.g. when providing this to us as part of the quiz) to a social media platform, which are then usually hashed (encrypted) and matched against their own data, for them to present sponsored posts in your feed. We do this to offer tailored advertisements that may be of interest to you if you have shown an interest in our products.
We also use information about our customers to generate a "lookalike audience" or similar audience of prospective customers through the Facebook or Google advertising platforms. This allows us to target advertisements on their networks to potential customers who appear to have shared interests or similar demographics to our existing customers, based on the platforms' own data. Again, this is usually achieved through the provision of email addresses, which are hashed and then later deleted once the lookalike audience is created. We do not have access to the identity of anybody in the lookalike audience, unless they choose to click on our ads. Based on this, we believe that generating lookalike audiences poses little or no threat to the privacy of our customers.
If you opt-out of receiving all marketing messages from us then we will not share your personal data for these purposes.
Who do we share your data with?
Sometimes it is necessary for us to share your personal data with third parties. Your personal data is shared only when we consider it to be necessary and according to the safeguards, and for the purposes, detailed in this privacy notice. We will never disclose your health data unless we have a lawful basis to do so, which would usually be where you have given us your consent to do so.
- Prescribers: we need to share your personal data with the Prescribers so they can carry out consultations with you. This includes the sharing of your health data as part of the online health questionnaire where you have consented.
- Your GP: where you have provided consent for us to do so, we share your personal data with your GP for the purposes of providing them with information about your medicine subscription.
- Third party service providers: we share your personal data with various third-parties that we rely upon to perform a variety of services on our behalf and to help grow and improve the Juniper business, such as IT service providers (including cloud IT service providers), payment system operators (such as Shopify or Stripe), delivery and fulfilment providers (in order to deliver your subscription), third parties who carry out identity checks on our behalf, our professional advisors (such as lawyers) and any other organisations that provide us with technical and support services.
- Our group companies: we will share personal data in certain circumstances with other companies across the group of companies that we and the Juniper brand is part of.
- Third-party advertising providers: we may share your personal data with third party providers that we partner with to provide ad tailored advertising services to us.
- Regulators or other authorities: we will share your personal data where we are legally required to do so or where we think this is required and we are permitted to do so, for example to respond to a request for cooperation from a relevant authority.
- Other third parties to protect us: we may share your personal data as required in order to help prevent fraud or to protect or enforce our rights or the rights of any of our group companies.
- Other parties as part of a corporate transaction, if it is proposed that we are to merge with or be acquired by another business in the future, we may share your personal information with potential purchasers, where this is necessary, or the new owners of the business or company.
Overseas transfers of personal data
From time to time, we may transfer your personal data to parties outside of the UK, e.g. to our group companies in Australia or to third party service providers with servers located in the United States.
Where we do so, we ensure a similar degree of protection is afforded to your personal data as in the UK. We do this by sending your data to countries that the UK has deemed to provide essentially equivalent protection or by entering into UK approved standard contractual clauses (including the European Union standard contractual clauses alongside the UK addendum) with the relevant party.
How do we protect your personal data?
We care about protecting your personal data. That's why we take steps to make sure that we have in place appropriate security measures to protect your personal data from being damaged, changed, lost, used in the wrong way, or accessed by people who do not have permission.
In particular, we maintain appropriate physical, organisational and technical measures so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal data. This includes access controls, encryption, security audits of our systems and protection of data integrity.
Where we use third party service providers to help provide the Juniper service, we have contracts in place with those third-party service providers which require them to implement security measures to protect the data they hold and have in place appropriate security measures.
However, please remember that you provide personal data at your own risk: unfortunately, no data transmission over the internet is guaranteed to be 100% secure.
How long do we keep your personal data?
We will retain your personal data for so long as we have a valid purpose, and for so long as required to comply with applicable law, establish legal defences and resolve disputes. When determining this retention period we take into account any record retention requirements under law and any limitation periods relevant to legal action.
You have various rights in relation to the personal data which we hold about you. Some of these rights may not always apply, as there are sometimes requirements and exemptions which may mean we need to keep processing the personal data or not disclose it, or other times when the rights may not apply at all. We will always tell you if we think we do not have to comply.
You can exercise your rights by sending us an email at firstname.lastname@example.org
We will seek to deal with your request without undue delay, and in any event within any time limits provided for in the UK GDPR (this is generally one month, subject to any extensions that may be available to us, which we will always tell you about).
- You have the right to access information we hold about you: You have the right to obtain a copy of your personal data from us and obtain other supplementary information from us.
- You have the right to make us correct any inaccurate personal data about you: You have the right to request that we correct any inaccurate or incomplete personal data that we hold about you.
- You have the right to port your data to another service: We will give you a copy of your data so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.
- You have the right to be ‘forgotten’ by us: You can do this by asking us to erase any personal data we hold about you in certain circumstances, including if it is no longer necessary for us to hold that personal data.
- You can object to us using your personal data: You can object to us using your personal data if we are using it for the purpose of our legitimate interests, including where we are using it for direct marketing purposes.
- You have the right to restrict our processing: You have the right to restrict our processing of your personal data in certain circumstances. This means that you may be able to limit the way that we use your personal data.
- You have the right to withdraw consent: Where we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.
- You have the right to lodge a complaint with the ICO: You can make a complaint to the UK Information Commissioner’s Office, the UK data protection regulator, as directed on their website at www.ico.org.uk. Please think about telling us first though, so we have a chance to address your concerns!
Your experience with Juniper is important to us.
If you have any questions, concerns or complaints about this Privacy Notice, or how we handle your personal data, please contact our Privacy Team at email@example.com. We always try to respond within a reasonable period.
We reserve the right to change the terms of this privacy notice from time to time, and will notify you of any material changes. We also encourage you to check the website periodically to make sure you are aware of our current privacy notice. The last update to this document was June 2023.