Gift Card customer notice - Click here for more information

Need Help Finding The Perfect Christmas Gift? - Try Our Gift Finder Now

Hurry! Order before 2pm Thursday the 13th February for Valentines Day Delivery

Planning your 2025 Holidays? Shop our Summer Shop and stockup on SPF now - Click here

Christmas Has Landed At McCauley! Shop Our Range Of Gift Sets, Fragrance And Beauty Now

Click here for our Christmas delivery update

Click Here To Book Your Flu Vaccine Now

Free Next Day Delivery & Click & Collect* - Click here for more information

Rituals has landed at McCauley! Shop now and get a free gift with purchases over €40 - Shop Here

  • Sign In
  • Register
Search
Advanced Search
  • Compare Products
Bag
Menu
Menu
Account
Group 8

Book Your Flu Vaccine Here

Group 9

Free Click & Collect

Group 10

Spend €49 and get Free Delivery

McCauley Privacy Notice

1. Who We Are

McCauley Health & Beauty Pharmacy Ltd (“McCauley”, “we”, “us”) is the data controller for personal data processed through this website and our centralised online pharmacy and retail services.

This notice applies to personal data processed centrally by McCauley Health & Beauty Pharmacy Ltd. Individual pharmacies may act as independent data controllers for in store services.

Data Protection Officer: dpo_pharmacy@uniphar.ie

2. Purposes and Lawful Bases of Processing

We process personal data for the following purposes and lawful bases:

 

Processing Activity Data Involved Legal Basis
Online retail orders, delivery & customer service Identity, contact, order details Article 6(1)(b) – contract
Online pharmacy services (including prescriptions and health related products) Health data, medication information Article 9(2)(h) GDPR and Article 6(1)(c)/(b)
Customer queries and support Contact and correspondence Article 6(1)(f) – legitimate interests
Website analytics & fraud prevention IP address, device data Article 6(1)(f) – legitimate interests
Marketing communications (where opted in) Email address Article 6(1)(a) – consent

 

Our legitimate interests include operating and improving our services, responding to customer queries, maintaining website security, and preventing fraud, while balancing these interests against your rights and freedoms.

3. Categories of Personal Data

We may process the following categories of personal data:

  • Name, address, telephone number, and email address
  • Order and transaction information
  • Health related information where necessary to provide pharmacy services
  • Online identifiers such as IP address and cookie data

Payment details are processed securely by third‑party payment service providers and are not stored by us.

4. Health Data

Where you use our online pharmacy services, we process special category personal data relating to health strictly for the purpose of providing pharmacy services and meeting our legal and regulatory obligations. Access to such data is restricted to authorised personnel, and enhanced technical and organisational safeguards apply.

5. Who We Share Data With

We may share personal data with:

  • E‑commerce and IT service providers (including website and hosting providers)
  • Payment service providers
  • Email communications providers
  • Delivery and logistics partners
  • Professional advisers, auditors, and regulators where required by law

All processors act under written GDPR compliant agreements in accordance with Article 28 GDPR.

6. International Transfers

Where personal data is transferred outside the European Economic Area (for example where certain service providers are based or supported outside the EEA), such transfers are safeguarded using EU Standard Contractual Clauses together with appropriate supplementary technical and organisational measures.

You may request further information on these safeguards by contacting us.

7. Retention

Personal data is retained:

  • In line with Revenue requirements, pharmacy legislation, and other applicable regulatory obligations
  • For statutory limitation periods
  • For as long as necessary to provide services and resolve queries

Retention periods are reviewed on a regular basis.

8. Your Rights

You have the right to:

  • Access your personal data
  • Request rectification or erasure
  • Restrict or object to processing
  • Data portability, where applicable
  • Withdraw consent at any time, where processing is based on consent

Requests are normally responded to within one month. Identity verification may be required.

You also have the right to lodge a complaint with the Data Protection Commission:
www.dataprotection.ie

9. Security

We take reasonable and appropriate measures to ensure that personal data is processed securely and in accordance with this Privacy Notice and applicable data protection law.

We have implemented appropriate technical, organisational, and physical security measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Where we provide access to personal data, we take reasonable steps to verify an individual’s identity before granting access, in order to protect the confidentiality and security of the data.

We use secure systems and controls to safeguard personal data, including secure connections to protect data during transmission. Where you have been provided with (or have chosen) a password to access our services, you are responsible for keeping that password confidential and must not share it with anyone.

If you believe that personal data has been lost, disclosed, or accessed without authorisation, please notify us without delay so that we can investigate and take appropriate action.

10. Cookie Policy

Please see our separate cookie notice available here.

11. Updates to This Notice

This Privacy Notice may be updated from time to time to reflect changes in legal or regulatory requirements. The most current version will always be available on our website.

Contents

1. Introduction
2. Purposes of Data Collection
3. Categories of Data Collected
4. How is your Data Processed?
5. Who will this information be shared with?
6. How long will we hold your information?
7. Transfers to Third Countries
8. Your Rights
9. Security
10. Amendments of this Privacy Notice
11. Third Party Sites
12. Governing Law and Jurisdiction

 

 

1. Introduction

McCauley Health & Beauty Pharmacy Ltd is a private limited company, registered address 3054 Lake Drive, Citywest Business Park, Dublin 24, Wexford, Company Registration Number 65349 and is the data controller of any personal data you provide in the context of engaging our services.

 

We are committed to protecting your personal data in compliance with data protection principles. You may contact us at any time to exercise your rights as a data subject or where you require further clarification on the information provided in this policy by emailing dpo@smcc.ie

By using this Website you are agreeing to the use of your personal data as described in this Privacy Notice.

 

2. Purposes of Data Collection

i.Performance of a Contract

Where you provide your personal data to us to receive goods you have purchased from our website, we rely on Article 6(b) of the GDPR to provide the legal basis for collecting and processing your personal data for this purpose i.e. we require your personal data to fulfil the performance of this agreement with you. We also rely on this legal basis where you voluntarily submit those details for the purposes of enquiring about our products or services.

ii.Consent

We rely on Article 6(1)(b) and Article 9(a) to process special categories of data where it may be possible to infer the status of your health or any particular condition that you have through the purchase of healthcare or medicinal products on our website.

 

iii.Legitimate Interests

We also rely on Article 6(f) of the GDPR to process your personal data for the purpose of running analytics on our sales and website to determine how we can optimise and improve our business for the benefit of our customers.

 

iv.Performance of a Contract

We collect and process your personal data for the purposes of contacting you where you provide these details to us in the context of enquiring about our services or products. Where you voluntarily submit your personal details for the purposes of engaging our services we rely on Article 6(b) of the GDPR to provide the legal basis for collecting and processing your personal data for this purpose i.e. we require your personal data to fulfil the performance of this agreement with you.

 

3. Categories of Data Collected

We only collect personal data that is provided by you i.e. name, address, telephone number, email address. We do not collect payment details and all payments are routed through a secure payment gateway.

We also use your personally identifiable information for the purpose of website analytics i.e. we use your IP address for the purpose of identifying the number of visitors to our website, page impressions etc, however, we do not have the capability of identifying you from your IP address.

We use cookies on our website for the purposes of website functionality and optimising your browsing experience. We also use cookies for the purposes of suggesting products that you may be interested in purchasing through the Google Ad Display Network and through your Facebook profile (if you have one). For more information on cookies please refer to our cookies policy.

 

4. How is your Data Processed?

Your data is automatically synced with our mail servers and e-commerce system and will be processed internally for these purposes.

 

5. Who will this information be shared with?

Your privacy is very important to us. Your personal data may be shared with business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you. For example, we will share your details with our mail delivery partners for the purposes of ensuring the goods you purchase are delivered to you.

In the event of a purchase or sale of the business, we may disclose your personal data to third parties who are prospective buyers or sellers of such businesses or assets. If the Company or its assets are sold to a third party, personal data will be transferred as part of the transaction. However, the Company will ensure to the best of its ability that the privacy of your personal data is maintained on an ongoing basis.

Personal information may also be disclosed to law enforcement, regulatory, or other government agencies, or to other third parties, in each case to comply with legal or regulatory obligations or requests.

 

6. How long will we hold your information?

We will hold your information for the duration required to fulfil our contractual and statutory obligations. Where you would like your information to be deleted, please refer to section 8 below.

 

7. Transfers to Third Countries

Where personal data that is processed for the purposes of providing our services to you and where this requires the transfer of this data outside of the EEA .

Where personal data is transferred outside of the EEA, your rights as a data subject are protected by data transfer mechanisms such as Standard Contractual Clauses and EU/US Privacy Shield.

 

8. Your Rights

You have a number of rights as a data subject which you may choose to exercise at any time by contacting us at dpo@smcc.ie 

 

i. Access to Personal Data

Where you wish to access a copy of your personal data held by us, you may do so by contacting us in writing and we will respond to this request in 30 days.

 

ii. Rectification or Erasure of Personal Data

Where you wish the data that we hold on you to be rectified, you have the right to request this in writing. 
Where you wish to exercise your right to have your personal data erased, we will do so without undue delay, subject to the exemptions provided for in Article 17(3) of the GDPR.

 

iii. Restriction of processing

You have the right to obtain restriction of processing of your personal data where you contest the accuracy of the data for a period allowing us to verify the accuracy of the data; where the processing is unlawful and you oppose the erasure of your data and request the restriction of its use instead; where we no longer need the data for the purposes for which it was collected but it is required by you for legal purposes; where you have objected to the processing pursuant to Article 21(1).

 

iv. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

 

9. Security

We use reasonable technical and organisational security measures to protect your data and to prevent the loss, misuse or unauthorised alteration of any data in our control and will use our reasonable endeavours to ensure that such information is kept as secure as possible.

 

10. Amendments of this Privacy Notice

This Privacy Statement may be updated to reflect changes in privacy legislation, and any changes to this Notice should be reviewed when accessing the website.

 

11. Third Party Sites

Where links to third party websites are provided, we do not accept any liability or responsibility for the content or security of these websites.

 

12. Governing Law and Jurisdiction

This notice and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.

Paypal Visa Card Mastercard
McCauley © 2024. All rights reserved.