Privacy Policy
Effective Date: January 8, 2026
Introduction
Otto ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy outlines how we collects, uses, stores, and protects your personal data when you access or use our website and services.
1. About This Policy
1.1 This Privacy Policy applies to all personal data processed by Otto in connection with your use of our website and services.
1.2 Otto is a service operated by Whitewater Pharmacy, a pharmacy registered with and regulated by the General Pharmaceutical Council (GPhC).
1.3 Whitewater Pharmacy is the data controller for the purposes of UK data protection law.
2. The Data We Collect
2.1 We may collect and process the following categories of personal data:
a. Identity data, including name, date of birth, and contact details
b. Contact data, including email address, telephone number, and delivery address
c. Health and medical data, including information provided in eligibility assessments, questionnaires, and clinical communications
d. Prescription and treatment data, including medication history and treatment progress
e. Technical data, including IP address, browser type, and device information
f. Usage data, including interactions with our website and services
2.2 Health and medical data is treated as special category data under UK GDPR and is subject to enhanced protections.
3. How We Collect Your Data
3.1 We collect personal data when you:
a. Access or use our website
b. Complete eligibility or medical questionnaires
c. Communicate with our clinical or support teams
d. Receive treatment or prescriptions through Otto
3.2 We may also collect limited technical data automatically through cookies and similar technologies.
4. How We Use Your Data
4.1 We process your personal data for the following purposes:
a. To assess eligibility and provide clinically appropriate treatment
b. To issue and dispense prescriptions
c. To manage ongoing care and treatment oversight
d. To comply with legal, regulatory, and professional obligations
e. To communicate with you regarding your care or service updates
f. To maintain the security and functionality of our website
4.2 We do not use your medical data for marketing purposes.
5. Legal Basis for Processing
5.1 We process your personal data under the following lawful bases:
a. Performance of a contract where processing is necessary to provide services
b. Legal obligation where required for regulatory or legal compliance
c. Vital interests where necessary for patient safety
d. Provision of health or social care, under Article 9(2)(h) UK GDPR
e. Consent, where explicitly required
6. Sharing Your Data
6.1 We may share your personal data with:
a. Qualified clinicians involved in your care
b. Whitewater Pharmacy for dispensing and regulatory purposes
c. Third-party service providers acting under data processing agreements
d. Regulatory bodies where legally required
6.2 All third parties are required to maintain appropriate confidentiality and data protection standards.
7. Data Storage and Security
7.1 We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.
7.2 Access to medical data is restricted to authorised personnel involved in your care or regulatory compliance.
8. Data Retention
8.1 We retain personal and medical data only for as long as necessary to:
a. Provide services
b. Meet clinical and regulatory requirements
c. Comply with legal obligations
8.2 Medical records are retained in accordance with NHS and pharmacy regulatory guidance.
9. Your Rights
9.1 Under UK GDPR, you have the right to:
a. Access your personal data
b. Request correction of inaccurate data
c. Request erasure of data where applicable
d. Restrict or object to certain processing
e. Request data portability
f. Withdraw consent where processing is based on consent
9.2 Requests may be subject to legal and clinical record retention requirements.
10. Cookies and Tracking
10.1 We use cookies and similar technologies to ensure website functionality and improve user experience.
10.2 You can manage cookie preferences through your browser settings. Further details are available in our Cookie Policy.
11. Complaints
11.1 If you have concerns about how your data is handled, you may contact us directly using the details below.
11.2 You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
12. Changes to This Policy
12.1 We may update this Privacy Policy from time to time to reflect changes in law, regulation, or service provision.
12.2 Updated versions will be published on our website.
13. Contact Information
For questions or data requests, please contact: hello@joinotto.co.uk
