Privacy Policy
DrMeds is committed to protecting your personal data and respecting your privacy. This policy explains what data we collect, how we use it, and your rights under GDPR and applicable data protection laws.
1. Who We Are
DrMeds ("we", "us", "our") is a global specialty pharmaceutical access platform operated by DrMeds Ltd, with its registered head office at Business Bay, Dubai, UAE. We are the data controller for personal data collected through drmeds.org and our services.
Contact for privacy matters: privacy@drmeds.org
2. Data We Collect
We collect the following categories of personal data:
- Identity data: Full name, date of birth, government ID number
- Contact data: Email address, phone/WhatsApp number, delivery address
- Medical data: Prescriptions, diagnosis, medical history (only as necessary for order fulfilment)
- Transaction data: Order details, enquiry history, payment reference (we do not store payment card data)
- Technical data: IP address, browser type, device, pages visited (via cookies)
- Communications data: Messages sent to us via email, WhatsApp, or contact forms
We collect this data directly from you when you submit a prescription, make an enquiry, or contact us.
3. How We Use Your Data
We use your personal data for the following purposes:
- Processing your medicine requests and prescription orders
- Verifying prescriptions with our licensed pharmacists
- Communicating order status, tracking, and delivery updates
- Complying with pharmaceutical and customs regulatory requirements
- Responding to customer service enquiries
- Improving our services (using anonymised analytics data only)
We process medical data only where strictly necessary for order fulfilment, based on your explicit consent provided at the time of submission.
4. Data Sharing
We do not sell your personal data. We share your data only with:
- Certified manufacturers and distributors: Only the minimum data necessary to source and dispatch your medicine
- Logistics partners: Name, address, and phone number for shipping and customs clearance
- Regulatory authorities: Where legally required by pharmaceutical import/export regulations
- IT service providers: Hosting and security providers under strict data processing agreements
All third parties are required to handle your data securely and in accordance with applicable law.
5. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request we limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Withdraw consent for medical data processing at any time
To exercise any of these rights, email privacy@drmeds.org. We will respond within 30 days.
6. Data Retention
We retain personal data for as long as necessary to fulfil the purposes outlined in this policy:
- Order and prescription data: 7 years (pharmaceutical regulatory requirement)
- Customer communications: 3 years from last interaction
- Website analytics data: 26 months (anonymised)
7. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. This includes SSL encryption, access controls, and regular security audits. Medical and prescription data is stored on encrypted servers with restricted access.
8. Contact & Complaints
For any privacy-related questions or concerns, contact our Data Protection team at privacy@drmeds.org.
If you are located in the EU/EEA and believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.