Privacy & Security Policy

Privacy Statement


The purpose of this document is to set out the privacy entitlements of Data Subjects, as defined in the General Data Protection Regulation (GDPR), of living persons.  Privacy can only apply to information that is not already in the public domain and GDPR only applies to such personal data.

The General Data Protection Regulation (GDPR) is a European Union Regulation that sets out the data entitlements of data subjects and the obligations of those who process the personal data of data subjects. GDPR seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. 

The protection of your privacy and the confidentiality of your data are of the utmost importance to us and we highly value your trust in the Stacks Pharmacy website. This policy sets out the type of information we collect about you, how we will use it and the security measures we take to keep your information safe.

Information We Collect

Paying a Bill

Paying a bill on the Stacks Pharmacy website offers you a great number of advantages such as an enhanced user experience, great customer service and the benefit of an innovative healthcare service. In order for us to provide these services to you, we will collect, store and process personal information about you from our website, telephone calls with you and email, written and oral communications.

Personal information includes details such as your name, address, email address, phone number, care home name, Patient Name, Payer's Name, Payer's Email, Payer's Phone and the payment amount and details that are relevant to the service in which you are interested.

If you register for our Ask the Pharmacist service, we may also collect sensitive personal information regarding your (or, if using the service on behalf of your child aged under 18 years, your child’s) health matters.

How we will Use Your Information

We, and our Group, will primarily use your personal data:

to provide you with the services you have requested or products you have purchased.

to communicate with you in the event that any services requested are unavailable or if there is a problem with your order.

for record keeping purposes.

to track and analyse activity on our website.

Use and Storage of Your Information

The processing of your data will be in full compliance with all applicable data protection and other laws. Your data will be stored only within the EU and will be treated as strictly confidential. Your personal data will not be disclosed to any third party outside of our Group without your explicit consent or if not explicitly permitted by law.

Data Storage

All billing data with our data processors Realex payments ltd. We do not store personal data outside the European Economic Area (EEA)

Data Security

At Stacks Pharmacy, we understand that our customers are concerned about the security of their debit and credit card details. We take significant steps to protect all your information, and especially your payment details, using cutting-edge security technology.

We have employed specialists from industry leaders to help us design and implement our security systems to the highest standards to ensure that our computer systems and databases are protected against unauthorised disclosure, use, loss and damage. All credit card transactions are made via a secure payment gateway and credit card information is encrypted and firewall protected.

Changes to this Privacy Policy

Privacy laws and practice are constantly developing and our policies and procedures are under continual review. We may from time to time, update our privacy policies. If we decide to amend the privacy policy we will post the changes on our homepage so that you are always aware of what data we collect, how we use it and under what circumstances, if any, we disclose it.

Applying for a Job

Personal Data

Our company collects data from you and uses that data to place you in employment with us which involves making telephone contact with you, emailing you with positions that may be of interest to you, and sharing your data with Store Managers, Area managers, Directors and Pharmacists, HR Colleagues and selected members of key departments.  When you make contact with us, you are consenting for our company to retain your data until you either you opt out (which you can do at any stage). Our company in their capacity operates as a Data Controller in respect of the personal data you supply to us.  We share your data with Store Managers, Area managers, Directors and Pharmacists, HR Colleagues and selected members of key departments relevant to vacancy available.

We collect personal data about you from the application forms and questionnaires you may be asked to complete; we also gather personal data from records of our correspondence, phone calls, emails and details of your interviews or trials conducted with us for a potential position.

Our website uses cookies; a cookie is a text file that a Web browser stores on a user’s machine. Cookies are a way for Web applications to maintain application state. They are used by websites for authentication, storing website information/preferences, other browsing information and anything else that can help the Web browser while accessing Web servers. HTTP cookies are known by many different names, including browser cookies, Web cookies or HTTP cookies. Expression Engine uses cookies to help us identify and track visitors and their website access preferences. If you do not wish to have cookies placed on your computer, you should set your browser to refuse cookies before using our website.

Data Minimisation Principle: We will only collect the information we need so that we can ensure adequate information is provided with the requirements of a particular vacancy relevant to you, as the role is further developed, it may be necessary to obtain further data from you, we will do this if and when it is necessary and only the necessary data will be obtained.  This company does not sell or broker your data.

Data Subjects

This company has different categories of data subjects:

Data subjects who are general candidates looking for temporary or permanent work with Stacks Pharmacy.

There are different categories of data required between the differing vacancies and only the information necessary to conduct the screening of each data subject will be collected. 

The legal basis for processing any personal data

This company relies upon the following legal bases for data collection:

  1. Information is required in order to review your experience to see are you suitable for the vacancies. The basis of data gathering in this instance is based on the requirements of the vacancy.  This will include identification information such as but not limited to name, address, date of birth, information regarding education/qualifications and reference checks.
  2. Information is required in order to perform our statutory obligations such as compliance with employment permit legislation.  This information will include GNIB card copies.
  3. Information is processed in the legitimate interests of the business and where so processed it will be in accordance with and subject to your data subject rights and entitlements.


A necessity of our recruitment process is that we share your personal data with Store Managers, Area Managers, Directors. Pharmacists, HR Colleagues and selected members of key departments.  We have in place confidentiality agreements in the form of employment contracts as well within our Employee handbook and we have done our utmost to ensure that all employees handle your data in a manner that is consistent with this Privacy Notice and GDPR. Our employees may themselves be subject to data protection audits to comply with these requirements. 

We do not broker or pass on information gained from your engagement with our company. However, we may disclose your Personal Information to meet legal obligations, regulations or valid governmental requests. The company may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of our company, its clients and/or the wider community.

Retention Policy

We will process personal data during the duration of any vacancy and will continue to store only the personal data needed for periods after the vacancy has expired to meet any legal obligations as set out in the table below.  After these periods any personal data not needed will be deleted.

Source of Obligation

Retention Period

Revenue Commissioners., Collector General,

Companies Acts legislative provisions

6 years rolling retention of records

Personal Injuries related records

Records are retained for a period of 3 years past the date of the cause of action, unless it involves a minor, in which case the retention period will be up until 3 years after the minor reaches the age of 18.

Breach of Contract related records

Records are retained 6 years from the date of the breach

Employment Agency Candidate for

interviews/Placements Records

Candidate information is kept for a period of 3 years past the initial contact with the agency, unless the candidate exercises their entitlement to a termination of processing.

Employment contract/terms of employment related information

Duration of the employment - this includes everything from the application form, interview notes, contract related, performance appraisals, references.

Working Time - time sheets/holiday

and public holiday records

National Minimum Wages

Protection of Employment - Temporary Agency Workers, Part Time Workers, fixed Term Workers Protection of Young Persons


3 years post the termination of the employment_ Records kept are sufficient to show compliance with legal obligations in accordance with the statutory provisions.

Parental Leave Related

3 years - records kept show the dates when a qualifying employee availed of the parental leave and force majeure leave provisions

Employment Equality

All records, including interviews and applications are kept for a period of three years.

Health and Safety Records

All records relating to health and safety will be kept for a period of 10 years

Data Law Compliance

Records in relation to our compliance with Data Law and GDPR will be kept for a five-year period.

Data Storage

Data is held in France/Ireland using a single secure server and our secure ATS platform. We do not store personal data outside the European Economic Area (EEA).

Your right as a subject

For the entirety of the time that we are in possession of your data, you have the following rights:

Right of access – you have the right to request a copy of the information that we hold about you.

Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records and we will comply with this request in accordance with our own obligations to keep records for statutory purposes

Right to a restriction of processing – where certain conditions apply you have a right to restrict the processing.

Right of portability – you have the right to have the data we hold about you transferred to another organisation.

Right to object – you have the right to object to certain types of processing such as direct marketing.

Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

These rights may on occasion need to be modified/curtailed by statutory or competing obligations, for example, you may request that we delete your data, however if we have been your employer will can only do so after the statutory period of record retention has expired.  In the event that we are obliged to refuse your request in accordance with your data subject rights, or if we are obliged to place conditions on our assent to your request, we will provide you with a reason as to why, which you have the right to legally challenge.

At any time following a request from you, we can confirm what information we hold about you, as well as how and why it is being processed.

You can request the following information:

To access what personal data is held, identification will be required

We will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If we are dissatisfied with the quality, further information may be sought before personal data can be released.

All requests should be made to our Data Protection Lead from Data Protection Officer at or writing to us at STACKS PHARMACY, Unit 16, Northern Cross business Park, North Road, Finglas, Dublin 11.


In the event that you wish to make a complaint about how your personal data is being processed by us, you have the right to complain to our DPO, Andrew Stack. If you do not get a response within 30 days you can complain to the OFFICE OF THE DATA COMMISSIONER, Supervising Authority of Ireland.

Contacting Stacks Pharmacy

If you have any questions, complaints or concerns about the way how we collect, store or use your personal data, please contact our customer service department using the contact details provided below. Please also contact our HR department if you would like to access, review or correct your personal data collected, stored or processed by us. In the event that you want part of your data deleted, please let us know precisely which information you want deleted as otherwise we have to delete all data related to you which may affect your future user experience on the website.

Stacks Pharmacy

Unit 16, Northern Cross Business Park, North Road, Finglas, Dublin 11

Phone: 01 8800120