Terms and Conditions

Phlo Terms of Service  

These terms of service (the Terms) apply to your access and use of Phlo websites, applications and our services (the Services). The Services involve the following activities: 

  • Directing your acute and/or repeat Private and/or NHS prescription electronically to our Pharmacy from eMed (formerly Babylon Healthcare).
  • Our Pharmacy dispensing your medicines against the prescription received from your eMed GP. 
  • Dispensing your medicines to be either delivered to you, or your nominated representative, by our delivery drivers. 
  • If we receive an NHS prescription from eMed, we will ask you to nominate Phlo – Digital Pharmacy as your NHS Pharmacy. This will require your consent to send your NHS medicines to our Pharmacy and this consent will be sought separately while you use the Services.

The Terms and the Services may be varied at any time without cause or prior notice. Every time you wish to use the Services, please read these Terms to ensure you understand the terms which apply at that time.  

What is Phlo? 

We are a digital pharmacy service, which allows you to request your acute or repeat private and/or NHS prescriptions from your eMed GP by using our website or application. Once you have agreed to receive our Services, your acute and repeat private and/or NHS prescriptions will be electronically directed to our Pharmacy to be dispensed. Once it is dispensed, we will deliver it to you.

About Us 

Our website and app are owned and provided by Phlo Technologies Ltd, a company incorporated in Scotland under company number SC496769 whose registered address is C/O Gillespie & Anderson, 147 Bath Street, Glasgow G2 4SN (“Phlo”, “we”, “us” or “our”).

Our VAT Number is 258020620. If you require any information or if you would like to make a complaint about our website or any of our Services, you can contact us by:

  • Telephone: 0141 255 0751
  • Email at support@wearephlo.com; or
  • Mail by writing to our Head Office: Phlo Technologies Ltd, Clockwise Office, 77 Renfrew St, Glasgow, G2 3BZ.

Professional Authorisation 

Our digital pharmacy service (our Pharmacy; Phlo - Digital Pharmacy or Phlo) operates using our distance pharmacy. Our Pharmacy is run by qualified pharmacists and operates from a registered pharmacy premises under General Pharmaceutical Council registered premises Number 9011535 at: 

Phlo - Digital Pharmacy
Unit 12 - 14
35 Corbridge Crescent
E2 9EZ
United Kingdom

Telephone: 020 8191 9444
Email: pharmacy@wearephlo.com 

Superintendent Pharmacist & Pharmacy Details

Prabhjit Jassal GPhC Number 2067173.
Phlo Technologies Ltd is the legal owner of our Pharmacy located at Unit 12 - 14, Containerville, 35 Corbridge Crescent, London E2 9EZ under GPhC Number 9011535.

We operate this Pharmacy and are included in the NHS Pharmaceutical list to provide NHS Distance-Selling services to patients under Tower Hamlets Health and Well Being Board/NHS England. 

Phlo Technologies Ltd is a company registered in Scotland with our registered office at C/O Gillespie & Anderson, 147 Bath Street, Glasgow, G2 4SN.

All our pharmacists are bound by and comply with codes of professional ethics and conduct. You can access these professional conduct rules by visiting www.rpharms.com. Contact details for the General Pharmaceutical Council are also available at www.pharmacyregulation.org

Your Responsibilities 

You are responsible for ensuring the information that you provide to us while using our Services is accurate and up-to-date. This includes information about you, your medical conditions and associated medicines. You agree that you will notify us immediately of any changes in the information you have provided us with, by contacting Phlo Digital Pharmacy.

You are responsible for ensuring that you liaise with your eMed GP in relation to what they need from you in order to be able to release your acute or repeat prescription. For example, some medicines can only be prescribed for periods of greater than 12 months if you see your GP for a medicines review.     

We are not under any obligation to accept your order request and you accept that we have the right to suspend or terminate your access to the Services at any time without prior notice if we have reason to believe that you have breached any of the Terms. 

You are responsible for disposing of any unwanted medicines in your possession by returning them to a pharmacy.

You accept that you are responsible for the appropriate storage and handling of your medications from the point of delivery to you or your nominated representative.  

Requesting Your Medicines 

You must complete our one-page order form to use our Services. You agree that Phlo has no control over the issuance of your prescription, which is at the sole discretion of your eMed GP. 

The Services are provided on a best endeavours basis: we act as an intermediary and cannot guarantee the completion of your prescription order, since sole and absolute discretion to issue your prescription rests with eMed.

You accept that any order for a prescription which is placed by you will not be binding on us until we have confirmed the order to you by SMS, email or telephone. We reserve the right to reject any order.  

Restrictions on Ordering 

If the prescription is for someone other than yourself, you will need to have the authority of the person whose prescription it is to have it dispensed by us. You will need to show us that you have the authority. If you cannot satisfy us that you do have the authority, you will not be able to use our Services. 

We only accept orders for prescriptions from customers who are 16 years old or over although you may order prescriptions for persons who are under 16 if you are their parent, guardian or legally authorised to do so. By placing an order, you confirm that you are at least 16.  

We currently accept orders for same-day, real-time delivery of eMed prescriptions to addresses within the M25 in London. Any addresses outwith the M25 ring road will receive their medications via our 24-hour tracked delivery service, which is available to patients across the UK. If you live within our real-time delivery zone you can also choose our 24-hour tracked service should this be your preferred delivery option.

Verifying your Prescription

When we receive an order for your prescription, we will verify it against the information provided by eMed. In the event that the information does not match, we may try to contact you using the information provided in the ordering process. If we cannot contact you and we are unable to dispense the item(s) in your order, we will not dispense or deliver the item(s).

If you place an order for a prescription and we do not receive the relevant prescription from your eMed GP, we will not dispense the prescription. We will contact you to let you know that we have not received the prescription from your eMed GP. It will be your responsibility to contact your eMed GP.

Dispensing Your Medicine

We will dispense your medicines using our distance pharmacy. Our Pharmacy is registered with the General Pharmaceutical Council and is contracted to provide private dispensing services to patients. Pharmacists may only legally prepare a prescription-only-medicine upon receipt of a valid prescription from an appropriate prescriber. In relation to the Services we will provide, the appropriate prescriber will be a registered medical practitioner.  

We are not and our Pharmacy is not responsible for the manufacture of your prescribed medicines. We are responsible for appropriate dispensing, storage and handling of the medicines while they are in our possession; this includes while they are being delivered to you. You accept that you are responsible for the appropriate storage and handling of your medications from the point of successful delivery onwards.

If any of the items on your prescription are not available, or are not suitable for dispensing through this service, we will try to contact you or your nominated representative using the contact information you have given us. 

Delivering Your Medicines

The delivery of your medicines may be undertaken by individuals in our employment or by third parties we contract with to provide this aspect of our Services.

You, or your nominated representative, are responsible for taking receipt of your medicines. Any signature provided by your nominated representative will be confirmation of your receipt of your order and our obligations in relation to that delivery will be fulfilled. You or your authorised representative will need to provide proof of your identity before the medicines can be delivered. If you do not provide that proof, the medicines will not be delivered and you may be charged for delivery.  

If you or your nominated representative is not available to take receipt of your medicines when we arrive to make delivery, you may be charged for delivery.

If a delivery fails because of something you or your nominated representative do or fail to do, you will be charged for the original failed delivery and any subsequent re-delivery charge.

We will not have any liability to you in relation to any loss or damage to your medicines that takes place after delivery. We will not have any liability to you in relation to any personal data contained in or on the items we deliver being seen by a third party after delivery. While we undertake to use reasonable endeavours to have the medicine delivered to you within the delivery slot you select, time is not of the essence and we shall not be in breach of the Terms or have any liability whatsoever to you for failing to make the medicine available on the agreed delivery date. 

You must check all medications delivered to you promptly upon receipt. You should never take any medication which appears to have been tampered with or which you believe has been dispensed in error. In the unlikely event of your order appearing to be damaged or your order appearing to be incorrect, you should contact us immediately through the details provided above. We are not responsible for any breach of, or failure to provide, the Services which was caused by you, your eMed GP, or any third party.


You will be charged for using Phlo’s Private services, which include the cost of medication and delivery. Payment will be required upfront before Phlo can deliver your items to your chosen address.  

NHS prescription charges will apply whether we charge for delivery or not. We will collect these charges from you. We pass these charges back to the NHS. For NHS prescriptions you will be required to confirm eligibility for free prescriptions or to confirm you have a pre-paid prescription certificate. It is your responsibility to give accurate information and to not make a false declaration.

In providing payment card details, you confirm that you are authorised to use the card and authorise us to take payment in full for applicable prescription and delivery charges and any other charges that become due to us under these Terms. Refunds, if applicable, will only be made to the card originally used for payment.  

Your contract with your mobile network provider will apply while using the Services and this may include a charge for the use of their network services.  

Order Cancellation

You may cancel your order at any stage prior to your delivery being accepted by our courier partner. Once your order has been accepted by our courier partner, if you decide to cancel the order you will be charged up to the full amount of the delivery cost. Once your items have been sent out for delivery from our Pharmacy premises you will be unable to cancel your order, but we may return your medicines to the Pharmacy at our own discretion. In this scenario you will be charged the full cost of delivery and re-delivery to our pharmacy.

Our Liability to You 

We, the directors of our company and the directors of any related companies shall not be liable for any losses or claims arising directly or indirectly from use of the Services except that this exclusion of liability does not apply to any damages in connection with death or personal injury caused by the negligence of us or the people we are responsible for.  

Data Protection

All registration information you provide us with will be kept secure and processed in accordance with our Privacy Policy, which can be accessed here: http://support.wearephlo.com/en/articles/2658396-privacy-policy.   

Ownership, Use and Intellectual Property Rights

The Phlo website and all intellectual property rights in it including but not limited to any content are owned by us, our licensors or both (as applicable). Intellectual property rights means rights such as: copyright, trademarks, domain names, design rights, database rights, patents and all other intellectual property rights of any kind whether or not they are registered or unregistered (anywhere in the world). We and our licensors reserve all of our and their rights in any intellectual property in connection with these Terms. This means, for example, that we and they remain owners of them and free to use them as we and they see fit. 

Nothing in these Terms grants you any legal rights in our website other than as necessary to enable you to access and use the website and app. You agree not to adjust, to try to circumvent or delete any notices contained on the website or app (including any intellectual property notices) and in particular in any digital rights or other security technology embedded or contained within the website or app. 

Trademarks: Phlo, Phlo logo and Phlo Digital Pharmacy logo are our trademarks and are trademarks of Phlo Technologies Ltd. Other trademarks and trade names may also be used on the website or the app. The use of any of our trademarks is strictly prohibited unless you have our prior written permission.

Accuracy of Information and Availability of the Website

We try to ensure that our website and app are accurate, up to date and free from bugs; however, we cannot guarantee that they will be. In addition, we cannot promise that our website and app will be fit or suitable for any purpose.

We reserve the right to suspend or terminate operation of our website or app at any time as we see fit.

Nothing on our website or app constitutes technical, legal, medical or pharmaceutical advice or any other type of advice and should not be relied on for any purposes. 

While we make every effort to ensure that our website or app is available for your use, we do not guarantee that the website or app will be available at all times nor do we guarantee the uninterrupted use by you of the website or app.  

Hyperlinks and Third-Party Websites 

Our website and app contain hyperlinks and references to third party websites. Any such hyperlinks or references are provided for your convenience only. We have no control over third party websites and accept no legal responsibility for any content, material or information contained in them. The display of any hyperlink and reference to any third-party website does not mean that we endorse that third party's website, products or services. Your use of a third-party website may be governed by the terms and conditions of that third party website. 

Security and Monitoring  

We use various security measures to prevent your personal information from being accidentally lost or used or accessed in an unauthorised way; however, internet transmissions are not completely secure and there is a risk that information which you send to us via our website may be intercepted.

We have procedures in place to deal with any suspected security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. You can find out more information about our security procedures in our Privacy Policy: http://support.wearephlo.com/en/articles/2658396-privacy-policy.

We may monitor activity and content on our website and app and may take any action we consider appropriate if we suspect you may be in breach of these Terms. This may include suspending or terminating your access to our website or app or notifying the authorities or relevant regulators of your activities. 

Limitation of our Liability 

Except for any legal responsibility that we cannot exclude in law (such as for death or personal injury) or arising under applicable laws relating to the protection of your personal information, we are not legally responsible for any:

a) losses that:
    i) were not foreseeable to you and us when these Terms were formed; or
    ii) were not caused by any breach on our part; or

b) any loss or damage or increase in loss or damage which results from a breach of these Terms by you.


Nothing in these Terms is intended to nor shall it confer a benefit on any third party under the Contracts (Rights of Third Parties) Act 1999. No one other than a party to these Terms and Conditions has any right to enforce any of these Terms.

No delay or decision not to enforce rights under these Terms will constitute a waiver of the right to do so and will not affect rights in relation to any subsequent breach.

These Terms are subject to the laws of Scotland and each of us hereby submits to the non-exclusive jurisdiction of the Scottish courts.

Privacy Policy

Phlo Technologies Ltd Privacy Policy

We take your privacy and the security of your personal and medical information very seriously. Please read this Privacy Policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal information about you. When we do so we are subject to the General Data Protection Regulation, which applies across the European Union (including in the United Kingdom), the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act. We are responsible as ‘controller’ of that personal information for the purposes of those laws.

We, us, our

Phlo Technologies Ltd., a company incorporated in Scotland under company number SC496769 whose registered address is C/O Gillespie & Anderson, 147 Bath Street, Glasgow G2 4SN.

Our data protection officer

Jonathan Forbes

Email: support@wearephlo.com

Personal information

Any information relating to an identified or identifiable individual.

Special category personal information

Personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership.

Genetic and biometric data.

Data concerning health, sex life or sexual orientation.

Personal information we collect about you

We may collect and use the following personal information about you:  

  • Your name and contact information, including postal address, email address and telephone number;
  • Information to enable us to check and verify your identity, e.g. your date of birth, scanned images of your exemption certificates, driving licence or passport;
  • Your gender information;
  • Your NHS number;
  • Information about your medicines, and the medicines you have been prescribed currently and in the past.
  • Your billing information, transaction and payment card information;
  • Your contact history, purchase history and saved items;
  • Information about how you use our website, information technology (IT), communication and other systems; and
  • Your responses to surveys, competitions and promotions.  

Personal information is required to provide our services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing services to you.  

How your personal information is collected

We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our website and apps. However, we may also collect information:

  • From a third party with your consent, e.g. your General Practitioner or the NHS Spine system, which is the main database of your medical history with the NHS;
  • From cookies on our website - for more information on our use of cookies, please see our cookie notice;
  • Via our IT systems, e.g. automated monitoring of our websites and other technical systems, such as our computer networks and connections.  

How and why we use your personal information

Under data protection laws, we can only use your personal information if we have a proper reason for doing so, e.g.:  

  • To comply with our legal and regulatory obligations;
  • For the performance of our contract with you or to take steps at your request before entering into a contract;  
  • For our legitimate interests or those of a third party; or
  • Where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.  The table below explains what we use (process) your personal information for and our reasons for doing so:  

What we use your personal information for

Our reasons

To provide our services to you.

For the performance of our contract with you or to take steps at your request before entering into a contract.

To prevent and detect fraud against you.  

For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for us and for you.

Conducting checks to identify our users and verify their identity.

To comply with our legal and regulatory obligations.

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies, including the NHS.

To comply with our legal and regulatory obligations, e.g. the NHS has the power to ask pharmacists to provide copies of exemption certificates, or records of the prescribing history of pharmacists. We need to be able to respond to those requests.

Ensuring business policies are adhered to, e.g. policies covering security and internet use.

For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you.

Operational reasons, such as improving efficiency, training and quality control.

For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price.

Ensuring the confidentiality of commercially sensitive information.

For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information.

To comply with our legal and regulatory obligations.

Statistical analysis

We analyse the data you give us to help us manage our business, e.g. in relation to our financial performance, user base, behaviours, product range or other efficiency and performance measures.

You can consent to us processing your data for analytical purposes using our cookie management system. Registered customers have access to our consent management system.

Preventing unauthorised access and modifications to systems.

For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you.

To comply with our legal and regulatory obligations.

Updating and enhancing user records.

For the performance of our contract with you or to take steps at your request before entering into a contract.

To comply with our legal and regulatory obligations.

For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our users about existing orders and new products.

Ensuring safe working practices, staff administration and assessments.

To comply with our legal and regulatory obligations.

Marketing our services.

To comply with our legal and regulatory obligations.

For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you.

Preventing unauthorised access and modifications to systems.

We use the data you give us to promote our services:

  • existing and former users;
  • third parties who have previously expressed an interest in our services;
  • third parties with whom we have had no previous dealings.

Newsletter subscribers can unsubscribe using links or commands in our emails and text messages.

Registered customers have access to our consent management system.

External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts.

For our legitimate interests or those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards.

To comply with our legal and regulatory obligations.

When you register with Phlo, request that your password is reset, request that we fulfil your prescriptions or when you place an order for your prescription, we will send notification emails to your registered email address to fulfil our service obligations.

When you place an order for your prescription, you will also receive email notifications about its delivery from our partner, Gophr.

Special Category Personal Data  

"Special categories" of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

We will collect information about your health, including any medical condition, medication or health and / or sickness records. This data is special category data.

Special protection is given to this special category personal data. We use this special category personal data primarily to comply with our legal obligations (including verifying your identity and ensuring that the correct medicines are dispensed to you).

We handle your special category data with extra care. For example, we will not provide special category data to our delivery drivers.  

You control how we use your data

Phlo operates its Consent Management System so that our registered and verified customers can control how their data is used. This functionality is found in the Settings section of your account’s home page.

You can tell us how you want data used by setting the tick boxes to match your preferences. When you first create your account, your data preferences and marketing preferences are not ticked, meaning that you are opted out of each of the preferences. Your preferences are respected in subsequent processing activities.

It is Phlo's legitimate business interest to analyse and enrich its customer data to improve its performance and operations. This includes commissioning third parties such as analytics, marketing, logistics and operations partners to work on Phlo's datasets.

Promotional communications

We may use your personal information to send you updates by email about our services, including exclusive offers, promotions or new services.

We have a legitimate interest in processing your personal information for operational purposes.

We request your consent, through your acceptance of our cookie notices and, if you are a registered customer, through our consent management system, for us to process your data for statistical, analytical, marketing and promotional purposes (see above ‘How and why we use your personal information’).

You have the right to opt out of receiving promotional communications at any time by contacting us at hello@wearephlo.com

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.  

Who we share your personal information with

We routinely share personal information with:

  • Third parties we use to help deliver your orders to you, e.g. our payment service provider and delivery company.

Our payment services providers are:

  • Checkout Ltd, 54 Portland Place, London, W1B 1DY, United Kingdom

Our logistics and delivery partners are:

  • Gophr Ltd, PO Box 501, The Nexus Building Broadway, Letchworth Garden City, Hertfordshire, SG6 9BL.
  • Royal Mail, 100 Victoria Embankment, London, EC4Y 0HQ.
  • DPD group UK Ltd, Roebuck Lane, B66 1BY.

Our IT and network management partner is:

  • Digital Orchard IT, 10 York Pl, Edinburgh EH1 3EP.

Other third parties we use to help us run our business, e.g. website hosts;

  • Our marketing web site and newsletter subscription database is hosted by Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103.
  • Our web analytics partners, Matomo and Google (for Google Analytics)
  • Matomo.org is a geographically distributed open source development team reachable at privacy@matomo.org. Phlo collects website statistical data on Matomo servers hosted in Frankfurt, Germany.
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Our application services are hosted on Google Cloud Platform operated by Google Ireland Limited, with offices at Gordon House, Barrow Street, Dublin 4, Ireland.

We use CloudFlare services operated by Cloudflare, Inc., located at 101 Townsend St., San Francisco, California 94107 to route network traffic.

We use Postmark operated by WildBit, 225 Chestnut Street, Philadelphia, PA, 19106 to send transactional emails.

We use Intercom operated by Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland, to provide real-time messaging services.

We use Patient Medication Record systems provided by:

  • Clanwilliam Health (UK), Aurora House, Deltic Avenue, Rooksley, Milton Keynes, MK13 8LW, United Kingdom. System data resides in two locations (1) Phlo Technologies London Pharmacy at Containerville, Unit 12 - 14, 35 Corbridge Crescent, London, E2 9EZ and (2) data centres in the Republic of Ireland operated by Amazon Web Services, One Burlington Plaza, Burlington Road, Dublin 4, Ireland.
  • Invatech Health, 442-450 Stapleton Rd, Easton, Bristol BS5 6NR. System data resides in two locations (1) Phlo Technologies London Pharmacy at Containerville, Unit 12 - 14, 35 Corbridge Crescent, London, E2 9EZ and (2) data centres in the Republic of Ireland operated by Amazon Web Services, One Burlington Plaza, Burlington Road, Dublin 4, Ireland.

Third parties approved by you, e.g. third-party payment providers such as your bank, which may request that you approve a payment to us.

Our financial transaction management host, Xero (UK) Ltd, Bank House, 171 Midsummer Boulevard, Milton Keynes, MK9 1EB and our bank, Shawbrook Bank, Lutea House, Warley Hill Business Park, The Drive, Great Warley, Brentwood, Essex CM13 3BE.

Our financial accountants, Gillespie & Anderson, 147 Bath St, Glasgow G2 4SN and advisers Johnston Carmichael at 227 W George St, Glasgow G2 2ND.

Our legal advisers, Addleshaw Goddard, Exchange Tower, 19 Canning St, Edinburgh EH3 8EH.

Our regulators, the General Pharmaceutical Council at 25 Canada Square, Canary Wharf, London E14 5LQ and the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow SK9 5AF.

NHS England (known formally as the NHS Commissioning Board) and reachable at NHS England, PO Box 16738, Redditch, B97 9PT.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors, e.g. in relation to ISO or Investors in People accreditation processes and the audit of our accounts.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

The data that we collect from you through our applications and systems can help others. We want to share patterns of information on what medicines people take, when, where and for how long. We do this by collating data, then removing personal information (names, postal addresses, email addresses, NHS numbers). We analyse the remaining data to identify insights and behaviours so that we can contribute with others to the development of medicines and how treatments are marketed and made available to people. This data can be sold to or shared with government departments, healthcare professional bodies, the pharmaceutical industry and organisations who want to understand how medicines are used in the real world. Using our consent management functionality, you can tell us that you are comfortable with your medical data being used this way.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, personal information will be redacted but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

Where your personal information is held  

Information may be held at our offices and those of our pharmacy, third party system providers and agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’). Your data is hosted in our pharmacy premises and offices in the United Kingdom and at data centre facilities in the United Kingdom and in the Republic of Ireland, except for Intercom, Webflow and Postmark services, which are hosted in the United States of America under the EU-US Privacy Shield framework.

How long your personal information will be kept

We will keep your personal information while you have an account with us or we are providing services to you. Thereafter, we will retain your personal information:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly; and
  • to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.

Navigating data retention requires us to define the roles people can have when using Phlo’s applications and systems. We call these Data Subject roles:

Prospects: people who visit www.wearephlo.com, support.wearephlo.com and app.wearephlo.com and do not register an account or login.

Phlo App Users: people who have begun Phlo’s application registration process but not completed it, or whose application has not been verified by our pharmacy team.

Phlo App Customers: people who have completed Phlo’s application registration process and have a Phlo account that has been verified by our pharmacy team. Customers can be thought of as fully registered and verified Users.

  • Active Customers are people who are customers and used the Phlo service at least once in the last 365 days, or who have an account with Phlo and have opened or interacted with Phlo's marketing emails at least once in the last 365 days.
  • Lapsed Customers are people who have not logged into their Phlo account for more than 1095 days or have not opened a marketing email in the same timescale.

Workphlo Users: Phlo employees or contract staff who have logged into our internal WorkPhlo application.

Phlo’s data retention periods across its systems are:

| Data Subject | Retention Period | Why we retain data |
| --- | --- | --- |
| Prospect | 730 Days | For analysis of data to define, target and refine marketing segments and campaigns and to recognise previous visits and interactions. |
| Phlo App User | 90 Days | For resumption of registration process and sending of password reset emails. |
| Active Customer | Ongoing, then switching to Lapsed status at (date stamp of last login + 365 days) or (date last opened email + 365 days) | To fulfil service obligations. Exemption certificates are retained for 365 days from their expiry date. |
| Lapsed Customer | Date stamp of last login interaction + 1095 days or date last opened email + 1095 days. | To fulfil obligations should Customer use service again. If a Customer does not log in but continues to open marketing emails, they are regarded as an Active Customer. |
| Workphlo Users | Up to 30 years. | Operational logs and data must be stored to support regulatory auditing processes. |

Data retention periods are enforced using automated housekeeping jobs with manual oversight. Transactional data, such as prescription orders and financial payment records, will be retained for as long as needed.

Your rights

You have the following rights, which you can exercise free of charge:


  • The right to be provided with a copy of your personal information (the right of access).
  • The right to require us to correct any mistakes in your personal information.
  • To be forgotten: The right to require us to delete your personal information in certain situations.
  • Restriction of processing: The right to require us to restrict processing of your personal information - in certain circumstances, e.g. if you contest the accuracy of the data.
  • Data portability: For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you.
  • To object: The right to object:
      - at any time to your personal information being processed for direct marketing (including profiling);
      - in certain other situations to our continued processing of your personal information, eg processing carried out for the purpose of our legitimate interests.
  • Not to be subject to automated individual decision-making: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • Email, call or write to us - see below: ‘How to contact us’;
  • Let us have enough information to identify you (eg your full name, address and user or reference number);
  • Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • Let us know what right you want to exercise and the information to which your request relates.

Keeping your personal information secure

We have appropriate security measures to prevent personal information from being accidentally lost or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your information.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

Changes to this privacy policy

This privacy notice was updated on 29th September 2022.

We may change this privacy notice from time to time. If our privacy policy changes in such a way that your data would be processed by a new data processor, we’ll get in touch by email to inform you.

How to contact us

Please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

Our contact details are:

Address: Phlo Technologies Ltd, Clockwise Offices, 77 Renfrew St, G2 3BZ.
Registered office at c/o Gillespie & Anderson, 147 Bath Street, Glasgow, G2 4SN.

Email: hello@wearephlo.com
Telephone: 0141 255 0751