+353 59 914 3007 info@kellyspharmacy.com

Privacy Policy

 

1. About Us

This privacy policy applies to kellyspharmacy.com (“the Website”), operated by Kelly’s Pharmacy, Carlow, Ireland. We are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Irish and EU data protection legislation.

 

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide directly:

  • Name, email address, phone number, and any details submitted via contact or enquiry forms
  • Account registration details (where applicable)
  • Comments and feedback left on the Website
  • Order and transaction information for purchases made through our online store

Information collected automatically:

  • IP address, browser type, operating system, and device information
  • Pages visited, time spent on pages, and navigation paths
  • Cookies and similar tracking technologies (see Section 7)

Information collected via marketing and advertising platforms:

  • When you interact with our Website or advertisements, we may collect hashed, pseudonymised identifiers (such as hashed email addresses) for the purposes of digital advertising, including remarketing and the creation of lookalike or similar audiences on platforms such as Google Ads and Meta (Facebook/Instagram)

 

 

3. How We Use Your Data

We process your personal data for the following purposes:

  • To fulfil orders and process transactions
  • To respond to enquiries submitted via contact forms
  • To administer your account and provide customer support
  • To improve the Website, its content, and user experience
  • To send marketing communications where you have provided consent
  • To run digital advertising campaigns, including remarketing to Website visitors and creating lookalike audiences to reach new potential customers
  • To analyse Website traffic and user behaviour via analytics platforms
  • To detect and prevent spam, fraud, and security threats
  • To comply with legal and regulatory obligations

 

 

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the GDPR:

  • Consent — where you have opted in to marketing communications or accepted non-essential cookies
  • Contractual necessity — where processing is required to fulfil an order or service you have requested
  • Legitimate interests — for Website analytics, security, advertising optimisation, and improving our services, where such interests do not override your rights
  • Legal obligation — where we are required by law to retain or disclose data

 

 

5. Advertising, Remarketing & Audience Data

We use trusted third-party advertising platforms — including but not limited to Google Ads and Meta (Facebook/Instagram) — to deliver relevant advertisements to you and to reach new audiences.

As part of this activity:

  • We may share hashed (encrypted) customer data such as email addresses with these platforms for the sole purpose of remarketing, custom audience targeting, and lookalike audience creation
  • All data shared with advertising partners is transmitted securely and in hashed or pseudonymised form — your raw personal data is never exposed
  • We will never sell, rent, or otherwise commercially distribute your personal data to any third party
  • These platforms operate under their own privacy policies and data processing agreements, and all sharing is conducted in compliance with GDPR requirements

You can opt out of personalised advertising at any time through your browser settings, the advertising platform’s own opt-out tools, or by contacting us directly.

 

 

6. Who We Share Your Data With

We may share your data with the following categories of third parties, solely for the purposes outlined in this policy:

  • Payment processors — to securely process transactions
  • Advertising platforms — Google, Meta, and other platforms used for remarketing and audience targeting (data shared in hashed form only)
  • Analytics providers — such as Google Analytics, to understand Website usage
  • Email marketing services — to deliver communications you have consented to receive
  • Spam detection services — to filter spam comments and form submissions
  • Hosting and IT infrastructure providers — to maintain and secure the Website

We require all third-party providers to process your data in accordance with GDPR and to maintain appropriate technical and organisational safeguards.

 

 

7. Cookies & Tracking Technologies

Our Website uses cookies and similar technologies to improve your experience and support our marketing activities. These include:

  • Strictly necessary cookies — required for the Website to function (e.g. session management, login)
  • Analytics cookies — to measure traffic and understand how visitors use the Website
  • Marketing and advertising cookies — to deliver relevant advertisements and track campaign performance across platforms

When you first visit the Website, you will be presented with a cookie consent notice. You may accept or decline non-essential cookies. You can also manage your cookie preferences at any time through your browser settings.

Embedded content: Pages on the Website may include embedded content from third-party services (e.g. videos, maps). These services may set their own cookies and collect data as if you had visited their websites directly.

 

 

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law:

  • Customer and order data — retained for the duration required by tax and commercial law (typically 6 years)
  • Contact form submissions — retained for up to 2 years, unless an ongoing relationship exists
  • Comments — retained indefinitely to support comment thread continuity, unless you request deletion
  • Marketing and advertising data — retained for the duration of active campaigns, after which hashed data is deleted or refreshed in line with platform policies
  • Cookie data — retained in accordance with the durations set out in Section 7

 

9. Your Rights Under GDPR

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data, subject to legal retention obligations
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — request your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent — withdraw your consent to marketing or non-essential cookies at any time

To exercise any of these rights, please contact us at [Insert Email]. We will respond within 30 days in accordance with GDPR requirements.

You also have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland at www.dataprotection.ie.

 

 

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption across the Website
  • Secure, hashed transmission of data shared with advertising platforms
  • Regular security reviews and software updates
  • Access controls limiting data access to authorised personnel only

 

 

 

11. Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Data Protection Commission within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay where the breach poses a high risk
  • Document all breaches and the remedial actions taken

 

 

12. International Data Transfers

Some of our third-party service providers (e.g. Google, Meta) may process data outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, in compliance with GDPR.

 

 

 

13. Children’s Privacy

Our Website is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us and we will take steps to delete it promptly.

 

 

14. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or services. Any material changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

 

 

15. Contact Us

If you have any questions about this privacy policy or how we handle your personal data, please contact us:

Kelly’s Pharmacy Kennedy Avenue, Carlow, Ireland Email: info@kellyspharmacy.com Phone: +353 59 914 3007