Skip to main content

Healthy Smile Pharmacy Partner Data Sharing & Privacy Agreement

1. Definitions

For the purposes of this Agreement:

“Data Protection Laws”: Refers to all applicable privacy and data protection legislation, including but not limited to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other relevant legislation.

“Customer Data”: Refers to any personal data of Referred Customers collected by HSP and shared with the Partner in connection with the Partner Program. This may include names, contact details, purchase history, and subscription information.

“Controller”: The Party that determines the purposes and means of processing personal data.

“Processor”: The Party that processes personal data on behalf of the Controller.

2. Purpose and Scope of Data Sharing

2.1. HSP and the Partner agree to share Customer Data solely for the purpose of promoting HSP products and tracking referrals under the Partner Program.

2.2. The Parties acknowledge and agree that HSP is the Controller and Processor of Customer Data and the Partner has no direct role in the handling such data.

3. Partner Obligations

3.1. Compliance with Data Protection Laws: The Partner agrees to comply with all applicable data protection and privacy laws, including but not limited to the General Data Protection Regulation (GDPR), the UK Data Protection Act, and any other relevant legislation.

3.2 Data Ownership: The Partner acknowledges that all customer data obtained through participation in the Program, including but not limited to names, contact details, and purchase history, remains the sole property of HSP.

3.3. Prohibition on Sharing: The Partner shall not share, sell, transfer, or disclose Customer Data to any third party without the prior written consent of HSP.

3.4. Purpose Limitation: The Partner shall use Customer Data only for the purposes specified in this Agreement and the Partner Agreement.

3.5 Data Handling: HSP reserves the right to audit the Partner’s data handling practices to ensure compliance with this clause. The Partner agrees to cooperate fully with such audits.

3.6. Data Security: The Partner shall implement appropriate technical and organizational measures to protect Customer Data against unauthorized or unlawful processing, accidental loss, destruction, or damage. Such measures shall include, but not be limited to:

  • Encryption of sensitive data.
  • Secure storage solutions.
  • Restricted access to authorized personnel only.

3.7. Data Retention: The Partner shall retain Customer Data only for as long as necessary to fulfil the purposes of the Partner Program or as required by law. Upon termination of the Partner Agreement, the Partner shall securely delete or return all Customer Data, as directed by HSP.

3.8 Third-Parties: If the Partner engages any sub-processors or third-party service providers in connection with their participation in the Program, they must:

  • Obtain prior written approval from HSP.
  • Ensure that any sub-processor complies with the same data protection obligations as outlined in this Agreement.

3.9. Breach Notification: The Partner shall notify HSP in writing within 24 hours of becoming aware of any actual or suspected data breach involving Customer Data. The notification must include details of the breach and any remedial actions taken.

4. HSP Obligations

4.1. Provision of Data: HSP shall share only the minimum Customer Data necessary for the Partner under the terms of the Partner Agreement.

4.2. Accuracy of Data: HSP shall ensure that all Customer Data shared with the Partner is accurate and up-to-date to the best of its knowledge.

5. Audit Rights

5.1. HSP reserves the right to audit the Partner’s data handling practices to ensure compliance with this Agreement and applicable Data Protection Laws. The Partner agrees to cooperate fully with such audits.

6. Termination

6.1. This Agreement shall remain in effect for the duration of the Partner Agreement.

6.2. Upon termination of the Partner Agreement, the Partner shall immediately cease processing Customer Data and, at HSP’s direction, securely delete or return all Customer Data.

7. Indemnity

7.1. The Partner shall indemnify and hold harmless HSP from and against any and all claims, losses, damages, or expenses arising from the Partner’s non-compliance with this Agreement or applicable Data Protection Laws.