(Updated: November 2025)
This Privacy Policy describes how LYV (and its affiliates) collects, uses, discloses, retains, and protects personal information when you visit or use our website, products, and services. By using our services, you agree to this policy. If we make material changes, we will notify you and update the “Last Updated” date.
Lyv Pharmacy (LYV Ltd.) is the data controller for the personal data you provide to us through our website and services.
Registered address: Lyv Pharmacy, 4th Floor, 95 Gresham Street, London, EC2V 7AB
Contact email for privacy matters: [email protected]
Phone: +44 1908 617 328
VAT / Tax ID: 507138604
Where we partner with third-party pharmacies, clinicians, or service providers, those parties may be joint controllers or processors in relation to specific services (e.g. prescription products). We will clearly indicate when that is the case.
This Privacy Policy applies to all personal data collected or processed by LYV:
via our website(s), mobile apps, and online services
when you create an account, place an order, or use healthcare/telehealth services
when you communicate with us (email, chat, phone, social media)
when we collect data automatically (cookies, device metadata)
This policy does not cover personal data processed by third parties (e.g. social media platforms, external advertisers) unless expressly stated.
We collect different categories of personal data depending on how you interact with LYV:
3.1. Information you provide directly
Name, address, date of birth
Email address, phone number
Payment or billing information (card, bank, etc.)
Prescription / medical history, allergies, health conditions
Photographic identity (e.g. ID / driver’s licence)
Professional / registration / accreditation data (for healthcare professionals)
Account credentials (username, password)
Responses to medical questionnaires, consent forms
Communications / feedback / support requests
Marketing preferences
3.2. Automatically collected information
IP address, browser type, operating system
Device identifiers, software version, locale settings
Usage data: pages visited, time on page, interactions
Cookies, local storage, mobile analytics identifiers
Geolocation data (if permitted by your device and your consent)
3.3. Inferred / derived data
We may use data we have to infer or derive new attributes (e.g. preferences, health risk indicators) to improve user experience and personalisation.
3.4. Third-party / external sources
We may receive data from:
Publicly available sources (professional registers, directories)
Partner organizations or healthcare providers
Payment processors, fraud detection services
Marketing or analytics partners
We rely on one or more of the following lawful bases under applicable data protection law (e.g. UK GDPR, local regulation):
Contract: to fulfil your orders, provide services, and manage your account
Legal obligation: to comply with pharmacy, medical, tax, and regulatory laws
Legitimate interests: for fraud detection, business operations, service improvement, security
Consent: for marketing, cookies, and processing special health-related data (where needed)
Vital interests: in rare cases, to protect life or health
In cases of sensitive health data, we will only process it with your explicit consent or where permitted by law.
We use your personal data for:
Processing orders, dispensing prescriptions, and delivery of goods
Verifying professional credentials and compliance
Account management, authentication, customer support
Conducting consultations, issuing prescriptions (via clinicians)
Improving, personalising, and optimising our services
Marketing, promotions, and communication (with your consent)
Regulatory and auditing compliance
Detecting fraud, abuse, and maintaining platform security
Analytics & research (in aggregated or de-identified forms)
Integrations with third parties (e.g. pharmacists, labs)
We will not use your data for purposes incompatible with those above without notifying you.
We may share your data with:
Service providers / processors: who perform functions on our behalf (hosting, payments, analytics, shipping).
Healthcare partners: clinicians, pharmacies, labs, telehealth providers, as needed to fulfil orders or consultations.
Regulators / authorities: if legally required (e.g. GPhC, MHRA, tax authorities, law enforcement).
Business transfers: in the event of a merger, sale, or corporate reorganisation.
Group / affiliate companies: where we coordinate functions within our corporate group.
Consent: where you authorise another party to receive data (e.g. for referral, collaboration).
All third parties handling your data must commit to confidentiality, data protection, and use the data only for agreed-upon purposes.
6.1. International transfers
If we transfer your data outside your jurisdiction (e.g. outside UK / EU / your country), we ensure safeguards (e.g. standard contractual clauses, adequacy decisions, binding corporate rules) are in place to protect your rights under data protection law.
We and third parties use cookies, web beacons, mobile IDs, pixel tags, and similar tech to collect information about how you use our site and services.
Types of cookies / trackers:
Strictly necessary (essential for site operation)
Performance / analytics (for site usage metrics)
Functional (to remember preferences, settings)
Advertising / targeting (deliver relevant ads, track ad performance)
You will be offered a cookie consent banner when you first visit, enabling you to accept or reject non-essential cookies. You can change your preferences at any time through the cookie settings.
Third-party cookies may be set by social media integrations or advertising networks; these are subject to their own privacy policies.
We retain your personal data only as long as needed to satisfy the purposes we collected it for, comply with legal obligations, resolve disputes, and enforce our policies. After that, we securely delete or anonymize it.
Example retention durations (you should adapt per your jurisdiction):
Account / profile data: 6 years after account closure
Order / purchase records: 6 years
Medical / prescription data: 7 years
Log / analytics data: varying shorter periods
Marketing preference and consent records: until withdrawn + a reasonable buffer
If you want specific categories and durations, complete this section based on your practice and law.
We implement technical, administrative, and physical security measures to protect your data, including:
Encryption in transit and at rest (e.g. TLS / SSL)
Access controls and authentication
Staff training, confidentiality agreements
Regular audits, penetration testing, and monitoring
Contractual obligations on third-party service providers to maintain security standards
Should a data breach arise that is likely to result in a risk to your rights or freedoms, we will notify you and relevant authorities (e.g. the ICO in the UK) within the required timeframes.
Subject to local law, you may have rights to:
Access: request a copy of your personal data
Rectification: correct inaccuracies or incomplete data
Erasure (“right to be forgotten”): in certain conditions
Restriction of processing: where accuracy is contested or processing is unlawful
Data portability: obtain data in structured form and transfer to another controller
Object: to processing based on legitimate interests or marketing
Withdraw consent: where we rely on your consent
Rights relating to automated decision-making / profiling: request review or opt-out
To exercise your rights, contact us at [email protected] with your request and identification. We will respond within legally required periods (e.g. 1–3 months, depending on complexity).
You also have the right to lodge a complaint with your local data protection supervisory authority.
Our services are intended for adults (age 18 or as allowed by local law). We do not knowingly collect data from children. If we become aware that we have inadvertently collected personal data from a child, we will delete it as soon as possible.
We may update this Privacy Policy periodically (e.g. due to changes in law or services). When we do so, we will update the “Last Updated” date. If changes are material, we may notify you by email or via the website. Continued use after updates constitutes acceptance.
If you have questions, requests, or complaints about this policy or your data, you can reach us at:
Email: [email protected]
Address: LYV Ltd. 66 Tanners Drive, Blakelands, Milton Keynes MK14 5BP, Buckinghamshire, United Kingdom
Phone: +44 (0)1908 617 328
You also have the right to appeal or lodge a complaint with your data protection authority (e.g. ICO in the UK).
Footer Note
LYV Ltd. | Registered Address: 4th Floor, 95 Gresham Street, London, EC2V 7AB
Data Controller / DPO Contact: [email protected]
“LYV” and logo are trademarks of LYV Pharmacy.