Security Policy



At Voyager Medical, we take the issue of online data security very seriously. Below is information about some of the measures we take to ensure that your experience with us is as safe as possible please note this document is subject to change, please visit this page regularly.. At the bottom of this page you will find some answers to questions that some of our patients have asked us.
 
Rest assured:
  • All information given to Voyager Medical will be kept completely confidential.
  • No information will be passed to any third party, without your written consent.
  • All consultations authorised by us will happen in a closed room and chaperones will be available when required.

Compliance with UK Law

We utilise a secure server encryption method to securely transfer all credit or debit card details and customer information. This is provided by GeoTrust. We have had no reports of any customers using a credit card to purchase at Voyager Medical and subsequent acts of fraud being committed having used details illegally obtained via our site.
 
We are registered in compliance with the Data Protection Act, Registration No. ZA128693.

Secure server

We use a secure server which encrypts your credit card information during transmission from the webpages to our database. A secure server webpage is different to a normal webpage. You will know you are on a secure webpage because the padlock (on explorer at the bottom and on navigator on the top toolbar) will be highlighted and closed. The web address will also change to indicate a secure server, so that it now starts with https://. When this happens you will know that any information you type into that page will be encrypted when it is sent out. 
 
Encryption is used when you register or login to the website and when you are on the final purchase page. If, however, you visit Voyager Medical from another website such as Freeserve, then a padlock will not be displayed in your Internet browser due to the Freeserve menu bar at the top of the screen. It is because of this bar the browser will not display a padlock, even though when you order the website uses https:// to send the details. If you came straight to PharmaDoctor.co.uk then this would show a padlock when an order was placed.
 
What level of encryption do we use? 
We use 128bit SSL (secure socket layer) level encryption which is one of the most advanced encryption technologies available today. This is provided by Geotrust.
 
Any information sent over the internet is encrypted into an unbreakable code before it is sent. This ensures that no third party can intercept and decipher your personal information. It is certainly much safer than giving your credit card in a restaurant or mail order over the phone.
 
What about Server and Firewall security?
Our database servers, where your personal details are stored, are not accessible from the internet and are monitored 24hrs. They are continually updated to have the latest versions of software ("patches") providing the highest levels of security and reliability available for those systems.
Pharmadoctor have invested in the highest standard firewalls available which are the same as used by many banks and telecom companies. These are dedicated hardware devices which deter and prevent hackers from reaching our systems. In the interests of security we do not provide details of these to third parties.

General Data Protection Regulation (GDPR)

What is GDPR?
One of the biggest changes to UK data privacy law comes into effect on 25th May 2018. The General Data Protection Regulation, also known as GDPR, means that you'll have more control over how your data is used. And it ensures that organisations protect your personal data better. To reflect these changes and new obligations, we've updated our privacy notice which now tells you what we do with your personal data, how it's used and your rights as an individual under the new law. For more information, please visit the Offical GDPR Web Site.
Voyager Medical & GDPR
Protection and confidentiality of Patient's Information is the Key Element in all our business activities, therefore, Voyager Medical Limited has re-assessed its Network and Security Infrastructure to ensure safeguarding of Patient's Information, also reviewed and updated all current procedures and policies to comply with the New GDPR Regulations:
  • Information security
  • Data storage and destruction
  • Changes to our Privacy Notice (Changes are marked with: new)
 
**Patient's Rights are described in our Privacy Notice
Data Protection Officer (DPO)
Mr. Mike Bereza is responsible for all matters related to data protection and GPDR compliance.
DPO is responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. 
 
Contact details:
Mr. Mike Bereza
mike@voyagermedical.com
Data Subject Rights
The New GDPR Regulations give Data Subjects enhanced rights to their Personal Information and/or other Related Information held/used by Data Controllers and Data Processors, than the stipulated in the current Data Protection Act 1998 (DPA): 
 
Some of the new rights are; recall of consent, data transfer and erasure of data (subject to the public interest vs rights).
 
**Patient's Rights are described in our Privacy Notice
 
These rights can be requested by the client to Voyager Medical users. Providers are urged to confirm identity of person making these requests and to contact Voyager Medical DPO; If the information is not readily available on the Voyager Medical system. Our DPO will support these requests, but all information you record on the Voyager Medical system is easily available direct to you as a user of the Voyager Medical system. Voyager Medical is working to create an easy download options for individual patient requests made to our users from patients. The GDPR requirements for Voyager Medical will form part of our privacy policy. Voyager Medical is registered with the ICO.
Voyager Medical keeps records for the mandated period for each type of record. Voyager Medical does not use any outside sub-contractors to perform any services.
 
PRIVACY NOTICE
What is a Privacy Notice?
A privacy notice is a statement that describes how Voyager Medical LTD collects, uses, retains and discloses personal information.
 
To ensure that we process your personal data fairly and lawfully we are required to inform you:
  • Why we need your data
  • How it will be used and
  • Who it will be shared with
This information also explains what rights you have to control how we use your information.
 
The law determines how Voyager Medical LTD can use personal information. The key laws are: the Data Protection Act 1998 (DPA), the Human Rights Act 1998 (HRA), Relevant health service legislation, and the Common law duty of confidentiality.
 
Within these pages we describe instances where Voyager Medical LTD is the "Data Controller", for the purposes of the Data Protection Act 1998 (DPA), and where we direct or commission the processing of patient data to help deliver better healthcare, or to assist the management of healthcare services.
 
Voyager Medical LTD recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties.
This part of the fair processing notice outlines the management of the notice, contact details and other access to information legislation.
 
Complaints about how we process your personal information
In the first instance, you should contact us
 
Changes to our fair processing notice
We keep our fair processing notice under regular review and we will place any updates on this web page. This notice was last updated on 15/01/2018.
 

Data Protection Notification
We are registered as a  ‘data controller’ under the DPA - Our Registration Number: ZA128693.. We have notified the Information Commissioner that we process personal data and the details are publicly available from the Information Commissioner’s Office
 
What types of personal data do we handle?
We process personal information to enable us to support the provision of healthcare services to patients.
 
We also use information to support and monitor the health services commissioned in England to enable the delivery of high quality healthcare. This type of information will usually be provided to NHS England in an aggregate or anonymised form, so that we cannot identify an individual.
 
The types of personal information we use include:
  • personal details such as names, addresses, telephone, NHS numbers
  • family details for example next of kin details
  • education, training, mostly frequently of clinicians such as GPs
  • employment details, for example as to what occupational category
  • services, for example details of the services access or offered by providers
  • lifestyle and social circumstances
  • details held in the patient's record, where we hold or manage the patient’s record
  • responses to surveys, where individuals have responded to surveys about healthcare issues
 
We also process sensitive classes of information that may include:
  • racial and ethnic origin
  • religious or similar beliefs
 
In terms of patient information, information may include:
  • physical or mental health details
  • sexual life
 
How will we use information about you?
 
Your information is used to run and improve the NHS in England. It may be used to:
  • Check and report on how effective NHS England and the services it commissions has been
  • Investigate complaints, legal claims or important incidents
  • Make sure services are planned to meet patients' needs in the future
  • To improve the efficiency of healthcare services, by sharing information with other organisations for a specific, justified purpose and approved by Voyager Medical' Caldicott Guardian.
Whenever possible all information that identifies you will be removed.
 
Sharing your information
There are a number of reasons why we share information. This can be due to:
  • Our obligations to comply with current legislation
  • Our duty to comply with our NHS Commissioners
  • You have consented to disclosure
 
Retaining information
We will only retain information for as long as necessary. Records are maintained in line with the NHS Englandretention schedule which determines the length of time records should be kept.
 
Security of your information
We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible.
We have appointed a "Senior Information Risk Owner" (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a "Caldicott Guardian" who is responsible for the management of patient information and patient confidentiality.
How to access your personal information
The Data Protection Act 1998 gives you the right to see the information that Voyager Medical holds about you and why. Requests must be made in writing and you will need to provide:
  • adequate information [for example full name, address, date of birth, NHS number, etc.] so that your identity can be verified and your information located.
  • an indication of what information you are requesting to enable us to locate this in an efficient manner.
For all other personal information held by Voyager Medical, requests should be sent to the Customer Contact Centre.
 
We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act 1998.
We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know through the Customer Contact Centre.
Use of your NHS Number
If you are receiving support from a public health service e.g. The London Pharmacy Vaccination Service, New Medicine Service (NMS), Medicine Use Review (MUR), etc. Then we may share your NHS Number with the relevant clinician (GP, Pharmacy, Hospital, etc.) (Only if you have given explicit consent). This is so that Voyager Medical and the relevant clinician (GP, Pharmacy, Hospital, etc) are using the same number to identify you whilst providing you care.
 
Your NHS Number is accessed through an NHS Service called the Personal Demographics Service (PDS), Voyager Medical sends basic information such as your name, address and date of birth to the PDS in order to find your NHS Number. Once retrieved from the PDS the NHS Number is stored in the Voyager Medical System.
 
The addition of the NHS Number to public health data will bring additional benefits:
  • Better coordinated and safer care across public health care bodies enabled through the sharing of real-time information.
  • Less paperwork and more efficient use of public health care resources.
 
You have the right to object to the processing of your NHS Number in this way. This will not stop you from receiving care, but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options you have.
 
If you wish to opt-out from the use of your NHS Number for public health care purposes, please contact us.
Recall of consent & data erasure new
The New GDPR Regulations gives you the right to recall of consent (when explicitly given to any service provider using Voyager Medical) or to request your information be removed from the Voyager Medical system. Requests must be made in writing and you will need to provide:
  • adequate information [for example full name, address, date of birth, NHS number, etc.] so that your identity can be verified and your information located.
  • an indication of what information you are requesting to enable us to locate this in an efficient manner.
For all other personal information held by Voyager Medical, requests should be sent to the Customer Contact Centre.
 
We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act 1998.
We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know through the Customer Contact Centre.
 
COOKIES POLICY
Understanding how and why we use cookies
Voyager Medical is committed to protecting you and any data (anonymous or otherwise) that we collect about you online. This section tells you how we use cookies and why. We call it our “Cookies Policy”. Among other things, cookies allow you to log on to Voyager Medical Web Site.
As you may be aware, recent legislation requires websites to gain visitors' consent to use certain cookies.
What is a cookie?
Cookies are files containing small amounts of information which are downloaded to the device you use when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different and useful jobs, such as remembering your preferences, and generally improving your online experience.
 
There are different types of cookies. They all work in the same way, but have minor differences:
 
Cookie Type
Description
Session cookies
Session cookies last only for the duration of your visit and are deleted when you close your browser. These facilitate various tasks such as allowing a website to identify that a user of a particular device is navigating from page to page, supporting website security or basic functionality.
 
The cookies we use are session cookies. For example, they help us to ensure the security of your internet session, and can also keep you signed in while you move between pages.
 
Our session cookies used for security are designed to be very difficult to read, change, access or use except by us when you have an active session. They contain no personal information that can be used to identify an individual.
Persistent cookies
Persistent cookies last after you have closed your browser, and allow a website to remember your actions and preferences. Sometimes persistent cookies are used by websites to provide targeted advertising based upon the browsing history of the device.
 
Voyager Medical does not use persistent cookies in anyway.
 
For full details about our cookies, we’ve put together a list of the cookies we use.
 
By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings. For more information on how to do this you may wish to read How to Block All Cookies Except for Sites You Use article which explain how this is done in popular web browsers (Internet Explorer, Google Chrome, Firefox and Safari).
Cookies we use
Below is a full list of the cookies used by Voyager Medical LTD along with a description of what they are used for:
 
Cookie Name
Description
ASP.net_sessionID
This cookie is used for storing the customers session ID which is used to identify the customer. Session ID is then used to store the customers data for 1 hour so they do not have to rekey information when navigating between pages.
firstpct
This cookie stores the user ID of a customer on the log on page.
What if we don't want to accept cookies?
If you wish to restrict or block the cookies which are set by any website - including Voyager Medical Web site, you should do this through the browser settings for each browser you use, on each device you use to access the Internet. Please be aware that Voyager Medical Web site will not function if your browser does not accept cookies.
 
However, you can allow cookies from specific websites by making them “trusted websites” in your Internet browser. For more information on how to do this you may wish to to read How to Block All Cookies Except for Sites You Use article which explain how this is done in popular web browsers (Internet Explorer, Google Chrome, Firefox and Safari).
 
Alternatively, you may wish to visit www.allaboutcookies.org which contains comprehensive information on how to do this on a wider variety of browsers.
 

User Questions

What physical security do you have?
Our web and database servers are held in a totally secure purpose-built location with access only available to authorised and validated personnel using advanced code and fingerprint identification. There is 24 hour security and CCTV monitoring.
 
How to contact us
Please contact us if you have any questions about our privacy notice or information we hold about you:
What information do we collect about you?
We only collect and use your information for the purposes of public health services of NHS England. These purposes include:
Accounts and records
Health administration and services
Information and databank administration
Research
Hubnet

Hubnet is an online pharmacy information system. We intend to provide healthcare professionals with an online ecosystem to allow for better communication between each other and their patients. Protected by law, the data you enter into this site remains your intellectual property and cannot be used by us. Our goal is to enable you to do more, if you like it you can subscribe for more!