Privacy Policy

1.  About this policy

The Global Pharmacy Exchange ("GPX") is committed to protecting and respecting your privacy.

GPX collects and holds information about you as a legitimate interest as defined under the General Data Protection Regulations.


This Policy (together with the Terms of Use and any other documents referred to in it) explains how we use, store and process any personal data collected from you, or provided by you. It also informs you of your rights and our responsibilities in the processing of your personal information under the General Data Protection Regulations.

Please read the following carefully to understand the practices of GPX regarding your personal data and how it will be treated.


By visiting this site you are accepting and consenting to the practices described in this Policy.

Children's Data

When you register with us or send us Personal Information, you are stating that you are 16 years of age or over, or are a minor acting with parental consent. You agree that any information you provide to us about yourself upon registration or at any time is true.

2.  About GPX

Global Pharmacy Exchange is a grassroots initiative that aims to positively impact the availability and quality of medical products across the globe. We believe that connecting, informing and empowering the pharmacy workforce will help to drive this change.

GPX is operated by Kate Enright.

3.  Definitions

"Personal Data"

Where we refer in this policy to your ‘personal data’, we mean any recorded information that is about you and from which you can be identified. It does not include data where your identity has been removed (anonymous data).


Where we refer to the ‘processing’ of your personal data, we mean anything that we do with that information, including collection, use, storage, disclosure or retention.


Where we refer to the 'site', we mean and any subdomains therein.

"Us" and "We" and "Our"

Where we refer to 'us' or 'we' or 'our', we mean the Global Pharmacy Exchange.

4.  What Type of Information Does GPX Collect?

About you

The information we collect from you directly, or from third parties with whom we work, may include:

  • name;

  • written communications (such as comments, feedback, emails, reviews, recommendations and personal profile);

  • contact details (such as email address, telephone number, or skype address);
  • contact preferences;

  • login details (such as password; Internet protocol (IP) address used to connect your computer to the Internet; connection information).​

  • payment details (including bank account details for setting up a regular direct debit, credit card details for processing credit card payments and purchase history).

  • interests and affiliations (including other charities, community groups, your employer or corporate partner).

  • how often you log in to the site, when you last logged in and for how long.

About your use of our website

If you consent to our use of cookies, we may collect the following technical and analytical information.

If you visit our site, we may record technical information. For example: the type of device (and its unique device identifier) you use to access our site, the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, mobile network information and platform.

If you visit our site, we may also collect information that assists us to analyse your visit. For example: the full Uniform Resource Locators (URL), clickstream to, through and from the Website (including date and time), pages you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

We do this by using cookies and software tools, which you can learn more about in this Policy.

About your interactions with us

We may also collect and process information about your interactions with us, including details about our contacts with you through email, SMS, post, on the phone or in person (i.e. the date, time, and method of contact), details about donations you make to us, events or activities that you register for or attend and any other support you provide to us.


Your financial information
If you use your credit or debit card to donate to us, buy something or make a booking online, we pass your card details securely to our payment processing partner as part of the payment process. We do this in accordance with the Payment Card Industry (PCI) Data Security Standard (DSS) and don’t store the details on our website or databases. All online financial transactions are encrypted using a recognized security layer.

‘Sensitive’ personal information
Under data protection law, certain categories of personal information are classed as “sensitive personal data”, including and information regarding your health, race, religious beliefs, sexual orientation and political opinions. We do not knowingly collect sensitive personal data about you.


5.  How Does GPX Collect Information?

We may collect information about you whenever you interact with us.

When you conduct a transaction on our site (such as when you register to use the site, subscribe to a newsletter, download a document, participate in a discussion board, post a comment, enter a survey, take a course, report a problem, or get in touch), we will collect the personal information that you give us as part of the process. For example, your name and email. Your personal information will be used for the specific reasons stated.

6. Why Does GPX Collect This Personal Information?

We collect such Non-personal and Personal Information for the following purposes:

  1. To provide and operate the Services;

  2. To provide our Users with ongoing customer assistance and technical support;

  3. To be able to contact our Visitors and Users with general or personalised service-related notices and promotional messages;

  4. To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services; 

  5. To comply with any applicable laws and regulations.

Our Privacy Policy takes into account several laws, including:

  • the Data Protection Act 1998

  • the Privacy and Electronic Communications (EC Directive) Regulations 2003

  • General Data Protection Regulation (EU) 2016/679.


Generally, our processing of your personal information as described in this policy is allowed by these laws because we have a legitimate need to carry out the processing for the purposes described above. Some processing may also be necessary so that we can perform a contract with you or because it is required by law. We only use your information to send you marketing communications by email or text with your consent, and you can always opt out of receipt of marketing communications by post or telephone as explained in this document.

7.  How does GPX store, use, share and disclose your personal information?



GPX is hosted on the platform. provides us with the online platform that allows us to communicate with you and to offer you products and services. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. We will only retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements. 

Usage, Sharing & Disclosure

We may use your information in a number of ways, including:

  • To provide you with information, products or services that you have requested from us, or that we feel may be of interest to you;

  • To provide you with information about our work or our activities;

  • To invite you to participate in interactive features on our website;

  • To process donations or payments that we receive from you;

  • For administrative purposes (for example, we may contact you regarding an event for which you have registered, to provide information requested from us, or with a query regarding a donation you may have made to us);

  • For internal record keeping relating to any donations, feedback, or complaints;

  • To invite you to participate in voluntary surveys or research;

  • To contact you where you have been identified as a contact person for an organization, such as a university (if we obtain your contact details in this way, we will only use them to contact you in your capacity as a representative of that organization);

  • To analyze and improve the content and operation of our website;

  • To analyze and improve our internal business processes;

  • To tailor advertising that is presented to you on the internet according to your interests, preferences and other characteristics (as described below);

  • To direct advertisements and other communications to other people who may have similar interests or other characteristics to yours (as described below);

  • To assess your personal information for the purposes of credit risk reduction or fraud prevention; and

  • Where we are required by law to disclose or otherwise use your information. In this circumstance we may process your data without your knowledge or consent.

We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose. 

Specific Process: Marketing

In particular, we may contact you for marketing purposes by email or text message if you have agreed to be contacted in this manner. We may also send you service communications via email or text, for example where you place an order for goods or services on our website, or you have made a donation by text.

If you have provided us with your postal address or telephone number, we may send you information about our work or other communications of the kinds described above by direct mail or contact you by telephone unless you have told us that you would prefer not to hear from us in this way. We provide information about how you can change your marketing preferences below.

Specific Process: Payments

All direct payment gateways offered by and used by GPX adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Specific Process: Information Transfer to Cloud-Based Service Providers

There may be occasions when we transfer your data outside the European Economic Area (EEA), for example, when we communicate with you using a cloud based service provider that operates outside the EEA such as Survey Monkey/MailChimp/Eventbrite/Wuhoo/etc.


Such transfers will only take place if one of the following applies: 

  • the country receiving the data is considered by the EU to provide an adequate level of data protection;

  • the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield;

  • the transfer is governed by approved contractual clauses;

  • the transfer has your consent;

  • the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract; or

  • the transfer is necessary for the performance of a contract with another person, which is in your interests.


Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to the website and any transmission is at your own risk. 

8. How does GPX communicate with you?


We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, Whatsapp, Skype, Zoom, and postal mail.

9.  How Does GPX Protect Your Personal Information?

We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date, and that we only keep it as long as is reasonable and necessary.


Although we use appropriate security measures once we have received your personal information, the transmission of information over the internet is never completely secure. We do our best to protect personal information, but we cannot guarantee the security of information transmitted to our website, so any transmission is at the user’s own risk. However, any payment card details (such as credit or debit cards) we receive on our website are passed securely to our payment processing provider according to the Payment Card Industry Security Standards.


Service Providers 
For financial and technical reasons, we may, on occasion, need to use the services of a service provider outside the European Economic Area (EEA) – this may include a country which does not have the same level of data protection as in the United Kingdom.  However, unless they are located in a country which has been assessed by the European Commission as ensuring an adequate level of protection for personal data, we will only use a service provider outside the EEA on the basis of an agreement with the service provider, designed to protect your data, in the appropriate form approved for this purpose by the European Commission.  As described in this Policy, we will take all steps reasonably necessary to ensure that your data is processed securely and in accordance with this Privacy Policy.

Third Party Websites

Our site contains links to and from various third party websites.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

Data Retention

We will only retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements.


10.  Cookies

What are Cookies?

Cookies are small files, typically of letters and numbers, downloaded on to a device when you access certain websites or emails, including our site. Cookies allow a website to recognize your device. For more information see:

Types of Cookies

There are two broad types of cookies – ‘first party cookies’ and ‘third party cookies’:

  • First party cookies are cookies that are served directly by the website operator to your computer, and are often used to recognize your computer when it revisits that site and to remember your preferences as you browse the site. Basically, these are our cookies.

  • Third party cookies are served by a service provider on behalf of the website operator, and can be used by the service provider to recognize your computer when you visit other web sites. Third party cookies are most commonly used for web site analytics or advertising purposes.


In addition, cookies may be either ‘session cookies’ or ‘persistent cookies’.

  • Your computer automatically removes session cookies once you close your browser.

  • Persistent cookies will survive on your computer until an expiry date specified in the cookie itself, is reached. We use both session and persistent cookies.

Categories of Cookies Used by GPX

1. Strictly necessary cookies: These cookies are essential for the user to move around the website and to use its features, e.g. shopping baskets and e-billing.

2. Performance cookies: These cookies collect information about how the user makes use of the site, e.g. which pages the user visits most. These cookies do not collect information that identifies the user.

3. Functionality cookies: These cookies remember choices made by or attributes of the user and enhance the features and content you experience during your visit to our website, e.g. language, appeals visited or user’s location. This cookie is also used to remember a user’s preferences for a font size, or customizable parts of a web page.

4. Targeting or advertising cookies: These cookies collect information about the users’ browsing habits. This may also include your use of social media sites, e.g. Facebook, etc. or how you interact with our website which then shows you relevant content elsewhere on the internet. NB. These may also be used to choose the advertisements that are displayed to you on our website and other websites.


We have assessed our cookies based on the ICC Cookie Guide. The majority of our cookies fall into the first two categories. However, we may also use cookies on our webpages which are in categories 3 and 4.

What Information does GPX Collect Using Cookies?

We may collect some, or all, of the information available from cookies when you visit our website, depending on how you use it.


We monitor how people use our website so we can improve it. We collect this information anonymously. However, you can choose to use our website anonymously without giving us any information. Please see ‘Changing your cookie preferences’ below.

If you visit our website, we may use cookies to record information about:

  • the areas of the website you visit;

  • the amount of time you spend on the site;

  • whether you are new to the site, or have visited it before;

  • the country, region, city and/or borough associated with your IP address or device;

  • how you came to our website – for example, through an email link or a search engine;

  • the type of device and browser you use;

  • how you use the website and the quality of your experience – for example we may track your bandwidth when viewing videos;

  • how you interact with our donation and sign up forms – for example what you select as your communication preferences; and

  • any error messages that you receive on the site.

  • We use cookies to track how visitors come to our site. For example, we may use marketing or referring tracking codes in internet addresses (URLs) to show us whether a visitor has come to our site via a link on a referring website or in a specific piece of marketing and to give us insight into the effectiveness of our marketing.


Although not through cookies, we do measure the success of the emails we send – so we know what subject lines and stories people liked the most. We receive this information anonymously and we do not share it.

Cookie Consent

By using our website, our social media pages (such as Facebook, Twitter, YouTube, Google+ and Instagram), subscribing to our services, donating to us and/or shopping online, you agree that, unless you have set your computer’s browser to reject them, we can place the types of cookies set out in this Policy on your device and use that data in accordance with this Policy.

How to Disable Cookies

If you do not want cookies to be stored on your PC it is possible to disable this function without affecting your navigation around the site.

Your browser will have cookie management abilities in the preferences settings, enabling you to delete or block GPX's website cookies. Find more detailed information on disabling cookies from or from the help function in your browser.

Website Analytics

Our website currently uses Google Analytics Services.

Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which (as discussed above) are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more details, please read Google’s Analytics overview.

You can always opt-out of Google Analytics cookies by Google’s opt-out tool.

Other Third Party Cookies

You may notice some other cookies that are not related to GPX's whilst visiting the site. Some of our pages may contain embedded content such as a YouTube video, Twitter feed, Facebook likes or Google plus share. You may receive cookies delivered from these websites, but as GPX does not govern the publication of third-party cookies, please visit the relevant sites to understand more about their cookies and privacy statements.

11.  Your Rights

Under certain circumstances, by law you have the right to:

Request access to your data 
This is commonly known as a "subject access request".  You may request a copy of the personal information relating to you, which is kept on file by GPX. This enables you to receive a copy of your data and to check that we are lawfully processing it. We will not charge you for this.

Request correction of your data 

This enables you to ask us to correct any incomplete or inaccurate information we hold about you. For example, if your contact details have changed or you think any information we have about you is incorrect or incomplete, please update or correct the information we hold about you by contacting us, as explained below.

Request erasure of your data 

This enables you to ask us to delete or remove your data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).

Object to processing of your data

If we are relying on our legitimate interests (or those of a third party) for processing your data, you can object to us processing it on these grounds if there is something about your specific situation that makes you want to do this. You also have the right to object where we are processing your data for direct marketing purposes.

Request the restriction of processing of your data

This enables you to ask us to suspend the processing of your data, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your data to another party

Controlling Your Preferences

We strive to make it clear and easy for you to choose how you hear from us. If you do not wish for us to use your personal data for marketing purposes (as outlined above) you can use the relevant box on the form that we use to collect your data to indicate your preference.

You can also change any of your marketing preferences at any time (including telling us that you don’t want us to contact you for marketing purposes) by:

  • Indicating that you do not wish to receive our marketing emails by clicking the ‘unsubscribe’ link in at the end of our emails;

  • Contacting us by post or email at the addresses provided above.


​If you have indicated that you do not wish to be contacted for marketing purposes, we may maintain your details on a suppression list to help ensure that we do not continue to contact you for marketing purposes.  However, we may still need to contact you for administrative purposes, including (but not limited to):

  • Processing a payment or donation that you have made;

  • Providing you with the information you need in order to participate in an activity or event for which you have registered; and

  • Explaining and apologizing where we have made a mistake.

Raising Complaints or Concerns

Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop.  However, where you have consented to the processing (for example, where you have asked us to contact you for marketing purposes) you can withdraw your consent at any time. In this event, we will stop the processing as soon as we can.  However, this will not affect the lawfulness of any processing carried out before your withdrawal of consent and you may no longer be able to use the site in the same way as you did before. 

You can make a complaint or raise a concern about how we have processed your personal information by contacting us as described below. In some circumstances, you have the right to object to our processing of your personal data or to stop us from continuing to make active use of personal data that we retain in our records.

We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

If you are still dissatisfied, or if you are not happy with how we have handled your complaint, you have the right to lodge a complaint with the Office of the Information Commissioner (ICO). The ICO oversees the protection of personal data in the UK. You can find out more information about this at:

12.  Privacy policy updates


We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

13.  How to Contact GPX

If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at or send us mail to:

Kate Enright

c/o Ethox Centre

University of Oxford

Big Data Institute

Li Ka Shing Centre for Health Information and Discovery

Old Road Campus




United Kingdom