Vetpharmacy.co.uk Cookie Policy : We use cookies to enhance your user experience. To find out more please view our cookie policy
Privacy & Cookie Policy
Version 1.2.
Last Updated: 13th January 2026
Our Privacy Notice describes the categories of personal data we process and for what purposes.
Introduction and summary
At VetPharmacy we know that your personal data is important to you. That’s why, whenever we use it, we only use what we need to, and we do everything we can to ensure it is appropriately protected.
This notice explains the situations where we may process your personal data and the steps we take to protect it.
Updating this notice
VetPharmacy keeps its privacy policy under regular review, and we may make changes to this notice at any time. Depending on the associated processing risks, we will either contact you with the modified terms, or we will post a copy of these on our website. Any changes will take effect 7 days after the date of our email, or the date on which we post the modified terms on our website, whichever is sooner. Please ensure you regularly check our website for any updated use of your personal data, alongside contact information in the event you have any further queries.
Who we are
VetPharmacy is the trading name for Norchem Healthcare Limited (company number 03465047 registered address Merchants Warehouse, Castle Street, Manchester, England, M3 4LZ). When we say ‘we’ or ‘us’ we mean this company. This company is part of the wider Bestway Healthcare Group of companies, including Bestway Panacea Holdings Ltd (an English and Welsh registered company with company number 09225479, registered address: Merchants Warehouse Castle Street, Castlefield, Manchester, M3 4LZ). When we say ‘Group’ in this notice, we mean other members of our group of companies, including trading and subsidiary companies of Bestway Panacea Holdings Ltd (an English and Welsh registered company with company number 09225479, registered address: Merchants Warehouse Castle Street, Castlefield, Manchester, M3 4LZ) and its trading and subsidiary companies.
How you can contact us
- By Email: sales@vetpharmacy.co.uk
- By Post: VetPharmacy, 18 Oxleasow Road, East Moons Moat, Redditch, B98 0RE.
If you specifically want to contact our Data Protection Officer, you can do so by emailing DPO@bestwayhealthcare.co.uk.
Alternatively, you can write to them at: Data Protection Officer, Merchants Warehouse, 21 Castle Street, Castlefield, Manchester, M3 4LZ.
How we use your personal data
We collect and use your personal data when you:
- Browse our website.
- Register on our website.
- Place an order with us online or by phone.
- Contact us by email, telephone or social media.
- Sign up to our newsletter or other marketing correspondence.
- Enter a competition or prize draw run by us.
What we specifically collect and how we use it depends how you interact with us and the specific services you’ve requested. Some examples of how we use your personal data are as follows:
- When you place an order through our website we will use your name, home address, delivery address, home telephone or mobile number, email address, information about the products you order and payment details.
- If you are purchasing a medicine for your pet you will need to provide health information about your pet.
- When you contact us by email, telephone or social media, we will collect information that we need to respond to your query, and any other supporting information you voluntarily provide to us. This information may include your name, home address, delivery address, home or mobile number, order number, details of products you have purchased or are considering purchasing and health information (if you are enquiring about a medication). The data we collect enables us to respond to your enquiry.
- If you sign up to our email newsletter or another marketing list we have, we will gather your explicit consent to send you communications. This will involve the collection of your name and email address, and if you have ordered with us we may use your purchase history to ensure that the emails you receive are relevant to you. You can opt out at any time by contacting our customer services, or by clicking on the unsubscribe link included in all of our marketing emails (please note that this may take up to 7 days; if we already have a newsletter scheduled to be sent to you then you may still receive this).
- Where you enter into a competition, the type of personal data we will use as a minimum includes your name, email address and home or mobile telephone number. Other information we collect may include your home address, date of birth, and user generated content (e.g. answers to a competition question). We collect this data to carry out prize draws or competitions which you chose to participate in and to determine the winner, or to provide the prize if you win. If we intend to use any of this data for marketing purposes, we will clearly inform you before you enter your details.
When you visit our website, we also collect other information, sometimes referred to as ‘cookies’. Our use of cookies may include the collection of anonymised information about the type of browser you use when visiting our website; your IP and device address; hyperlinks that you have clicked; and other websites you visited before arriving at our website. You can find more about how we use cookies in our Cookie Policy below.
Who we share your personal data with
In the previous section we described instances where we share your personal information with others. There are also other third parties that we use to help us deliver and improve our services to you. In this section, we have summarised the types of third parties who we may share your data with.
- If you wish to purchase an age-restricted product from our website, we have a regulatory responsibility to verify that you are of a suitable age before completing the purchase. We do this alongside a trusted third party supplier. We only use your personal data for this very specific purpose and ensure there are security measures in place to protect your information.
- Where we store your personal information related to a purchase you have made, a third party company may supply the system where this information is securely held.
- When you make a payment for goods or services, a third party company may process this payment.
- We may use third party postal services and couriers to deliver items you purchase.
- Where necessary, we may need to share your personal data with law enforcement agencies where we are required to do so by law. This will most likely be for the detection or prevention of crime, or to exercise or defend a legal claim.
- We may also share your personal data with third party regulators. This may include the Veterinary Medicines Directorate (VMD) or the Information Commissioner’s Office (ICO).
Whenever we use third parties, we will always ensure that only the minimal amount of relevant information is shared and that data is securely deleted once it is no longer required.
Where we process your personal data
We may need to transfer your information outside the UK to service providers, agents, and subcontractors in countries where data protection laws may not provide the same level of protection as those in the European Economic Area. Where this happens, we agree specific safeguards and assurances in our contracts with those providers to ensure there are appropriate controls in place to protect your data. Where necessary, we also ensure we have conducted a full ‘Transfer Risk Assessment’ alongside any necessary contractual obligations. This is an area of legislation that is subject to change, so we always ensure we are fully up to date with updates from the UK Government, the Information Commissioner’s Office, and the European Commission.
Your privacy rights and how to exercise them
Under data protection laws, you have the following rights:
- Right of Access (typically called a “Subject Access Request” or “SAR"): you have the right to know how we process your personal data (as explained in this notice) and also a right to receive a free copy of your personal data.
- Right to Rectification: you can ask us to change or complete any inaccurate or incomplete personal data held about you.
- Right to Object: you have the right to object, in certain circumstances, to us processing your personal data. For example, you can object to us sending you marketing material, or using your personal data to create a profile about you that is related to direct marketing.
- Right to Erasure: in certain circumstances, you can ask us to delete your personal data. For example, where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis to keep it.
- Right to Portability: you have the right to ask us to send a copy of certain elements of your personal data (predominantly information you have shared directly with us) to another company.
- Right to Restrict Processing: you can ask us to restrict the personal data we use about you where you have asked for it to be erased (and the erasure has not taken place, or we were unable to erase the data when we should have) or where you have objected to our use of it.
To make a subject access request, or to exercise any other data subject rights, you can contact us using the information provided in this notice.
It is free to exercise your privacy rights and we will respond to any request as quickly as we can. Under current data protection laws, we have 30 days to respond to any request, unless an exemption applies. We will contact you as soon as we can where we are applying an exemption, which may extend the time we have to process your request.
Children’s data and safeguarding
VetPharmacy will never knowingly process personal data related to children for any purpose other than in the following unique circumstances:
- Where welfare or safeguarding concerns are raised about a child or children. This may involve VetPharmacy liaising with local authorities to ensure the protection of those involved. Wherever this occurs, Chemist.net will always consider whether consent is appropriate and, if it is not, another legal basis will be established.
- Our website collects cookies, which may inadvertently relate to children who visit our website. However, the resulting cookie activity (e.g. to improve the functionality of our website) does not cause a sufficient level of harm to impact children.
There may be occasions where it becomes necessary to safeguard individuals, either from others or themselves. We always take any decision around sharing data of this nature with other authorities or bodies incredibly seriously, and we ensure that our internal policies also reflect this. Data protection laws are still applicable, and, in serious cases, the sharing of personal data will likely be done using one or more of the following legal bases:
- Vital interests (to protect those of the data subject/s).
- Reasons of substantial public interest, which may include:
- Preventing or detecting unlawful acts.
- Protecting the public.
- Safeguarding of children and individuals at risk.
- Safeguarding of economic wellbeing of certain individuals.
We also have a responsibility to safeguard adults who lack mental capacity under the Mental Capacity Act (2005). VetPharmacy always weighs up the necessity of sharing any personal data for purposes above and beyond that which the data subject is already aware of and considers whether consent is an available option. Any personal data this is ultimately shared will be done so after internal consideration alongside VetPharmacy’s Data Protection Officer and other senior responsible individuals, and only the minimum amount of information is securely shared.
How long we retain your personal data
VetPharmacy will retain your personal data for as long as we are legally or contractually required to do so, or for a period which is justifiable to meet our business needs. The exact retention period varies depending on the type of information and purpose for use, and our internal policies support this activity.
Marketing and communications
If you have given your consent, or if we believe legitimate interests may apply, we will, from time to time, contact you about the products and services we offer.
The marketing we send to you may be tailored to make it more relevant. This is done by analysing the data we hold on you (e.g. services previously used, age, address, previously stated health and wellbeing interests) to create a profile. If you want to receive marketing from us, but do not want this to be tailored then you can object to the profiling as described under "What are your privacy rights and how can you exercise them?". Alternatively, unsubscribing from marketing will also cease the profiling activity we conduct.
We may also contact you in the following scenarios:
- To request that you take part in customer feedback and surveys. This allows us to collect insights on the service we provide and what our customers may want from us in the future.
- To provide an update on an order you have placed.
- To confirm a delivery slot for an order you have placed.
We will send these communications to you either by email, post - or both - depending on the content and context of the communication. Every marketing communication we send will include instructions on how to opt-out. Some of our communication will be contractual in nature, however if our communication is of a direct marketing nature, you can change your marketing preferences at any time using the contact information provided in this notice.
Cookie Policy
Cookies are small text files used to store small pieces of information. They are stored on your device when a website loads in your browser. These cookies help ensure that the website functions properly, enhance security, provide a better user experience, and analyse performance to identify what works and where improvements are needed.
Like most online services, our website uses both first-party and third-party cookies for various purposes. First-party cookies are primarily necessary for the website to function properly and do not collect any personally identifiable data.
The third-party cookies used on our website primarily help us understand how the website performs, track how you interact with it, keep our services secure, deliver relevant advertisements, and enhance your overall user experience while improving the speed of your future interactions with our website.
Necessary
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
| Cookie | Duration | Description |
|---|---|---|
| recently_viewed_product | 1 day | Magento 2 set this cookie to store product IDs of recently viewed products for easy navigation. |
| recently_viewed_product_previous | 1 day | Magento 2 set this cookie to stores product IDs of recently viewed products for easy navigation. |
| recently_compared_product | 1 day | Magento 2 set this cookie to store information on recently compared products. |
| recently_compared_product_previous | 1 day | Magento sets this cookie to store the data on recently compared products. |
| product_data_storage | 1 day | Magento sets this cookie to store the product information. |
| mage-messages | 1 day | Magento sets this cookie to manage the web messages for the user. |
| rc::a | Never Expires | This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. |
| rc::c | session | This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. |
| form_key | 1 day | Magento sets this cookie as a security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF). |
| mage-cache-storage | 1 day | Magento sets this cookie for local storage of visitor-specific content that enables e-commerce functions. |
| mage-cache-storage-section-invalidation | 1 day | Magento sets this cookie for local storage of specific content sections that should be invalidated. |
| mage-cache-sessid | 1 day | Magento sets this cookie as a value, and this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the administrator cleans up local storage and sets the cookie value to true. |
| searchReport-log | session | This cookie is used for tracking the search queries made by the visitor. |
| PHPSESSID | 1 day | This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed. |
| private_content_version | 1 year 1 month 4 days | This cookie is set by the provider Magento eCommerce platform. This cookie is used for appending a random, unique number and time to pages with customer content to prevent them from being cached on the server. |
| __kla_viewed | Never Expires | Klaviyo sets this cookie to collect information on the user's website navigation and preferences. |
| _GRECAPTCHA | 6 months | Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks. |
| rc::f | Never Expires | This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. |
| rc::b | session | This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. |
| ytidb::LAST_RESULT_ENTRY_KEY | Never Expires | The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future. |
| __cf_bm | 1 hour | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
| cookieyes-consent | 1 year | CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors. |
Functional
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
| Cookie | Duration | Description |
|---|---|---|
| _hjTLDTest | session | To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails. |
| yt-remote-device-id | Never Expires | YouTube sets this cookie to store the user's video preferences using embedded YouTube videos. |
| yt-remote-connected-devices | Never Expires | YouTube sets this cookie to store the user's video preferences using embedded YouTube videos. |
| yt-remote-session-app | session | The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player. |
| yt-remote-cast-installed | session | The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video. |
| yt-remote-session-name | session | The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video. |
| yt-remote-fast-check-period | session | The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos. |
| _hjCookieTest | session | <p>Used by the Hotjar tracking code to determine if a user's browser is capable of storing cookies.</p> |
| __Secure-YEC | past | YouTube sets this cookie to stores the user's video player preferences using embedded YouTube video |
| yt-remote-cast-available | session | The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player. |
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc. You can opt out anytime via ‘Manage Preferences' if you wish.
| Cookie | Duration | Description |
|---|---|---|
| __kla_id | 1 year 1 month 4 days | Klaviyo sets this cookie to collect information on the visitor’s behavior. This information is used for internal analytics and to optimise the website. It also registers if the visitor has subscribed to a news letter. |
| _ga | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. |
| _gid | 1 day | Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. |
| _gat_UA-* | 1 minute | Google Analytics sets this cookie for user behaviour tracking. |
| _hjSessionUser_* | 1 year | Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. |
| _hjSession_* | 1 hour | Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. |
| _ga_* | 1 year 1 month 4 days | Google Analytics sets this cookie to store and count page views. |
| __kla_session | 1 hour | <p>This is used for Klaviyo to collect user session data.</p> |
Advertisement
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
| Cookie | Duration | Description |
|---|---|---|
| YSC | session | Youtube sets this cookie to track the views of embedded videos on Youtube pages. |
| VISITOR_INFO1_LIVE | 6 months | YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface. |
| VISITOR_PRIVACY_METADATA | 6 months | YouTube sets this cookie to store the user's cookie consent state for the current domain. |
| yt.innertube::requests | Never Expires | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen. |
| yt.innertube::nextId | Never Expires | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen. |
| __Secure-YNID | 6 months | Google cookie used to protect user security and prevent fraud, especially during the login process. |
| __Secure-ROLLOUT_TOKEN | 6 months | YouTube sets this cookie to manage feature rollout and experimentation. It helps Google control which new features or interface changes are shown to users as part of testing and staged rollouts, ensuring consistent experience for a given user during an experiment. |
Different browsers offer various methods to block and delete cookies used by websites. You can adjust your browser settings to block or delete cookies. Below are links to support documents on how to manage and delete cookies in major web browsers.
Chrome: https://support.google.com/accounts/answer/32050
Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac
Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc
If you are using a different web browser, please refer to its official support documentation.
Registering on our website
There is no obligation to register on our website to make a purchase, however registering has a range of benefits including easier checkout and the ability to track your orders. When you register you will need to provide your email address and create a password. You may also need to provide your home address, telephone number and date of birth (to fulfil our legal obligations in regards to the sale of restricted products such as medicines and electronic cigarettes).
Placing an order
The information we collect from you here is required in order to perform our contact with you (sending you the products you request from us); name, home address, delivery address, home telephone or mobile number, email address, information about the products you order and payment details. If you are purchasing a medicine you will also need to provide health information about the pet who will be taking the medication.
If you have placed an order and would like to delete your account, this will be considered on a case by case basis as it will depend on what you have purchased from us as to what our legal and regulatory obligations are; please contact us and we will advise accordingly.
Contacting us by email, telephone or social media
The information we collect when you contact us will depend on the nature of the enquiry and whether you are querying an order you have already placed; we will only collect information that we need to respond to your query and/or that you voluntarily provide to us. This information may include your name, home address, delivery address, home or mobile number, order number, details of products you have purchased or are considering purchasing and health information (if you are enquiring about a medication). The data we collect enables us to respond to the enquiry that you initiate.
Signing up to our newsletter
We will only send you our email newsletter if you explicitly consent to this; this can be done when you register for your account, or via the separate registration link. We collect your name and email address, and if you have ordered with us we may use your purchase history in order to ensure that the emails you receive are relevant to you. You can opt out at any time by contacting customer services or by clicking on the unsubscribe link included in all of our marketing emails. Please note that this may take up to 7 days; if we already have a newsletter scheduled to be sent to you then you may still receive this.
Entering a competition or prize draw run by us
The data we will collect will depend on the competition being run but will include as a minimum: name, email address and home or mobile telephone number. Other information we collect may include your home address, date of birth, and user generated content (e.g. answers to a competition question). We collect this data to carry out prize draws or competitions which you chose to participate in and to determine the winner or to provide the prize if you win. If we intend to use any of this data for marketing purposes, we will clearly inform you before you enter your details.
5) Processing Personal Data about children
Our website is intended for adults.
6) How do we keep your Personal Data safe?
We maintain appropriate technical and organisational measures to protect the Personal Data you provide. This includes, but is not limited to, using only secure servers and payment providers, rigorous and regular staff training, DBS checks and compliance with NHS Information Governance requirements and the NHS Code of Practice on Confidential Information.
7) What about third party companies?
We may need to share your information with third party companies to fulfil our contract to you and/or to fulfil our legal obligations. Depending on the nature of the product/service you request from us, and whether you consent to marketing emails, these organisations may include:
- Parcel couriers, including Royal Mail and DX.
- Payment providers such as Opayo (formerly Sage Pay) and PayPal.
- Companies that provide fraud and money laundering checks.
- Companies that enable us to run the website and associated services, such as web hosting, development, email delivery, reviews and feedback surveys.
We provide the minimum amount of information that these third parties require in order to fulfil the services that are outsourced to them. We have contracts in place to ensure that these companies also keep your personal information secure and confidential.
8) Sharing your information outside the European Economic Area (EEA)
Personal data can be transferred, processed and stored within the EEA (comprising all of the European Union countries, Iceland, Liechtenstein and Norway) safely and securely as they offer an adequate level of protection in comparison to the UK.
Most of our data is stored and processed within the EEA, however we also transfer your data to India, where our web development team is based. We ensure that your personal data is subject to the same standards of protection and security by means of standard contractual clauses. We also conduct a full review of all new suppliers’ processes and procedures.
9) How long do we keep your Personal Data?
We hold your personal information for as long as we have a legal or business reason to do so, which generally means as long as you remain our customer or as required to meet our legal obligations. To fulfil our obligations to the NHS or regulatory bodies, we may need to retain your health-related information for a period of time after you cease to be our customer. We will always store your data securely and won’t use it for any other purpose.
10) Your rights
Under the GDPR (General Data Protection Regulation) you have the eight rights listed below:
For more information on these rights, please visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
To exercise your rights, please contact our customer services team and request a call/email from our Data Protection Officer.
If you wish to stop receiving marketing emails you can do so by clicking the unsubscribe link on any of the marketing emails you receive or by contacting our customer service team.
Please note that withdrawing your consent will not affect the lawfulness of the processing before the withdrawal.
Making a complaint with the Information Commissioner’s Office
If you think that any of our processing activities violates data protection laws, you can lodge a complaint with the (www.ico.org.uk).
11) Other Information
Our website may contain links to external websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
Find out more about protecting your information and staying safe online: https://www.getsafeonline.org/get-safe-top-10/
12) Changes to our Privacy Policy
We may change this Privacy Policy from time to time by posting the updated version of the Privacy Policy here so we recommend that you check this page regularly. The date of the current Privacy Policy can be found at the top of this page.