McCabes Plus App - Privacy Policy
MCCABES Plus Loyalty Program Privacy Policy
1. Who is responsible for the processing of your personal data?
Unless otherwise stated, MCCABES PHARMACY LIMITED, whose registered office is United Drug House, Magna Drive, Magna Business Park, Citywest, Dublin 24, Ireland, Company Registration Number: 342371 ("MCCABES"), PHOENIX PHARMA DIGITAL HUB, S.L. whose registered office in Spain, Barcelona, ul. Carrer Platón, 6 – 08021, Tax Identification Number: B75709493 and PHOENIX PHARMA SE whose registered office in Germany, Meinheim, ul. Pfingstweidstraße 10-12, Tax Number: DE 311 309 783 ("Phoenix", and together with MCCABES "we" or "us") are the joint controllers of your personal data within the scope of the MCCABES Plus loyalty programme ("Service" or "MCCABES Plus" or the “Loyalty Programme”) which is available in the MCCABES Plus mobile app ("App").
Your personal data will be processed in accordance with the Data Protection Act 2018.
You can contact the Data Protection Officer of MCCABES and Phoenix at the above postal addresses or at Datapro@mccabespharmacy.ie.
2. What data do we process, for what purposes and what is the legal basis?
2.1. Access to and use of our App
When you access and use our App, we automatically collect the following data without your intervention:
§ Device information: type, model, operating system version, device language, and region;
§ Network and connection information: IP address, network type, date and time of access;
§ The version of the App you're using; and
§ Tracking information: device operating system (Android or iOS), tracking ID (unique identifier), your client ID, the page or section of the App where the action occurred, the action performed (clicks, views, closing the screen or stopping the view on an app element), timestamp (date and time when the action took place).
We store this data on our server for the following purposes:
§ in order to maintain a stable connection;
§ to enable the proper functioning of the App, for example, to stay logged in, save your settings and parameters, synchronize data across devices, and enable basic functions;
§ to improve performance and correct errors, for example, identifying performance issues and monitoring application crashes or bugs;
§ to assess the security and stability of the system; and
§ for security purposes, for example, detecting suspicious or fraudulent activity, monitoring unauthorized access attempts, preventing misuse of the system.
Legal basis: Performance of a contract for the use of our Service. In addition, we process this data on the basis of our legitimate interest to ensure the proper presentation of our Service, to protect our systems and to prevent unauthorized access to the App.
Storage period: The data described above is stored for as long as your account is active. If the account remains inactive for a period of five (5) years, it will be deleted.
2.2. Registration and User Account
A user account is part of the Service and must be created in the App. Once you have registered, you can use your account in both the App.
When registering for MCCABES Plus, the following personal data is processed:
§ name;
§ surname (optional);
§ date of birth;
§ e-mail address;
§ mobile phone number;
§ gender; and
§ your desired consents.
We process the data collected during registration for the following purposes:
§ to create, verify, and securely manage your user account;
§ to send you notifications, account updates, or responses to your inquiries;
§ verify your identity by sending a validation code with each login;
§ to record, manage and comply with your desired consents in relation to marketing and the use of data. Within the account, you can set the parameters of communication. If you do not wish to receive commercial communications, the data provided during registration will only be used for account-related notifications; and
§ to check if you meet the age requirements to use the Service.
Legal basis: Performance of a contract, i.e. we process your data in order to provide you with our Service.
In order to protect the registration and login process, we process the following data:
§ e-mail address or mobile phone number;
§ time spent on the registration page;
§ the name and version of the operating system of the device on which the browser is installed;
§ the date and time of the attempted registration/login; and
§ information on whether the registration/login attempts were successful.
Legal basis: This data is processed on the basis of our legitimate interest in ensuring the safe and proper functioning of our Service, protecting our systems and preventing unauthorised access.
Storage period: The above data will be processed as long as your account is active. If the account remains inactive for a period of five (5) years, it will be deleted.
You can delete your account yourself at any time by clicking on the "delete account" button in the footnote of the "Account" section of the App or by contacting the MCCABES Infoline at Datapro@mccabespharmacy.ie.
You can also withdraw your consent to the processing of health data under "Account" / "Health Data" in the App.
After deleting your account, your personal data will be archived and retained for the next five years for the sole purpose of resolving potential lawsuits. When this retention period expires, your personal data will be permanently deleted.
2.3. Choosing your favourite pharmacy
Once you have completed the registration, we will also process the details of your preferred pharmacy.
This information allows us to:
§ personalize your experience: customize promotions, events, loyalty rewards, and offers specific to your chosen pharmacy location; and
§ We optimize the availability of services: We prioritize the availability of goods and services at the selected location.
Legal basis: The processing is necessary for the performance of a contract, in particular to provide you with personalized promotions and services within the framework of our Loyalty Programme.
Storage period: The data will be retained as long as your account is active. If the account remains inactive for a period of 5 years, it will be deleted and this information will be anonymized.
2.4. Identification at the pharmacy
If you are a member of MCCABES Plus, you can identify yourself at the checkout when you visit one of our pharmacies. In such cases, we collect the following data:
§ Client ID;
§ pharmacy you visited;
§ the products you have purchased or returned, including the type, quantity and price;
§ coupons used during the purchase;
§ the total amount of the bill;
§ the time of the transaction and the payment method used; and
§ names of purchased medicines — Please note that this information may indirectly reveal aspects of your health status.
This data allows us to:
§ link your purchases to your loyalty account for the proper application of your benefits (points, discounts and personalized offers);
§ analyze your shopping behavior in order to improve our offer and provide personalized promotions or reminders based on your interests and the pharmacy you choose;
§ optimize the availability of goods at your desired location;
§ support internal reporting processes and provide assistance with any customer inquiries or potential claims; and
§ Award digital loyalty points: Purchases at participating pharmacies automatically earn digital points, which you can exchange for in-app reward coupons.
Legal basis: We process the above data on the basis of the contractual relationship established when you join MCCABES Plus.
For health data, the legal basis is your explicit consent given at the time of registration. You can withdraw this consent at any time in the "Account" / "Health Data" sections of the App. Please note that withdrawing consent will lead to the deletion of your account and you will no longer be able to identify yourself at the pharmacy.
Storage period: This data will be processed as long as your account is active. If the account remains inactive for five years, it will be deleted and the information will be anonymized.
2.5. Determining interest in products and displaying personalized advertising
To provide you with a personalized user experience, we identify which products, promotions, and services may be of interest and relevance to you. This is based on the following data:
- Client ID;
- previous purchases (not including prescription drugs): e.g. products purchased or returned by type, quantity and price;
- demographic data: e.g. age, gender, place of residence;
- information stored in your MCCABES Plus account;
- coupons: activated and/or redeemed;
- participating in contests, surveys and promotions;
- product reservations;
- collected and used points;
- information about the use of the application: clicks on links, sections visited, duration and frequency of the session, number of interactions (clicks) and tokens of the application or event; and
- interaction with marketing communications, e.g. the time of opening push notifications, clicks on links, frequency and duration of engagement;
We also analyse data from the MCCABES online shop, such as:
- Usage data, e.g.:
- visited web sections;
- inspected products; and
- frequency and duration of use, number of clicks and scrolling.
- Purchase information, e.g.:
- products purchased or reserved online, including type, quantity, and price;
- the amount of the bill and the time of payment;
- the method of payment used;
- the chosen method of delivery;
- participation in surveys and competitions;
- products stored in the shopping cart; and
- frequency of purchase transactions.
We use statistical analysis techniques to identify your potential interests. To do this, we compare your personal data described above with information from other customers. This helps us understand which products and promotions are likely to appeal to individuals with similar priorities. The insights we gain allow us to deliver personalized advertising and to present you – and others – with offers and discounts that are more relevant to your specific interests.
As part of this process, we also create customer segments as part of our Loyalty Programme. These segments are formed based on common characteristics such as shopping behavior, desired products, and frequency of visits. Segmenting our customers allows us to tailor our marketing actions more effectively, ensuring that our communications and offers are relevant and meaningful to each group. This allows us to design targeted campaigns, offer personalized rewards, and optimize your overall experience as a MCCABES Plus member.
Legal basis: We process this data on the basis of a contractual relationship established when you joined MCCABES Plus.
When it comes to health data, we rely on your explicit consent given during registration. You can revoke this consent at any time via the "Account" / "Health Data" section of the App. Revocation of your consent will result in the deletion of your account and the inability to identify yourself at checkout.
Storage period: Your data will be stored as long as your account is active. If it is not active for a period of five (5) years, the account will be deleted and the data will be anonymized.
2.6. Sending Personalized Advertisements
If you consent to receive our marketing communications, we will send you personalized marketing and/or advertising information related to goods, cosmetics, personal care and children's health products, as well as professional value-added services, etc. We may also invite you participate in surveys to collect your feedback on your experience with the Service, including your satisfaction, suggestions and opinions regarding its functionalities.
For this purpose, we process the following data:
§ all data described above in section 2.5. Determining interest in products and displaying personalized advertising;
§ e-mail address;
§ phone number;
§ your name; and
§ your comments, suggestions, opinions you provide us in the surveys.
Legal basis: Your consent. You can withdraw your consent at any time with future effect by clicking on the "unsubscribe" link at the bottom of any newsletter or by adjusting your parameters in your MCCABES Plus account.
Storage period: The above data will be processed as long as your account is active. If your account remains inactive for a period of five (5) years, it will be deleted and the information will be anonymized.
2.7. In-App enquiries and Surveys
We may also provide voluntary surveys and enquiries within the App to collect your feedback on your experience with the Service, including your satisfaction, suggestions, and opinions regarding its functionalities.
Legal basis: We process this data on the basis of a contractual relationship established when you joined MCCABES Plus.
For health data, the legal basis is your explicit consent given at the time of registration. You can withdraw this consent at any time in the "Account" / "Health Data" sections of the App. Please note that withdrawing consent will lead to the deletion of your account and you will no longer be able to identify yourself at the pharmacy.
Storage period: This data will be processed as long as your account is active. If the account remains inactive for five years, it will be deleted and the information will be anonymized.
2.8. Product reservation
If you book products via the My Medicines function in the app, we process the following information:
- reserved, downloaded or cancelled products, including type, quantity and price;
- the date and status of the reservation;
- selected pharmacy for taking the order;
- your customer ID; and
- name of reserved medications — please note that medication names may indirectly reveal information about your medical condition.
We process this information:
§ to enable you to subsequently purchase reserved products in the selected pharmacy;
§ to provide access to your previous bookings; and
§ to show you special offers tailored to your wishes and interests and to enable you to participate in promotional campaigns.
Legal basis: This processing is based on a contractual relationship between you and us.
When it comes to health data, we rely on your explicit consent given during registration. You can revoke this consent at any time via the "Account" / "Health Data" section of the App. Please note that revoking your consent will result in the deletion of your account and you will no longer be able to use the My Medicines booking feature.
Storage period: The above data will be processed as long as your account is active. If the account remains inactive for a period of 5 years, it will be deleted and the information will be anonymized.
After deletion, your personal data will be archived and retained for an additional period of five (5) years for the sole purpose of resolving any claims that may arise. After this retention period, the data will be permanently deleted.
2.9. Processing of Customer Inquiries and Complaints
Any personal data that you provide to us when submitting a contact form, by phone or by e-mail will be used exclusively for the purpose of processing your inquiry or complaint.
Legal basis: The processing of this data is based on our legitimate interest, which lies in our aim to respond to your queries, solve any problems and ensure customer satisfaction.
If your request relates to the exercise of your rights under data protection law, the legal basis for the processing is our legal obligation to comply with applicable data protection law.
Retention period: We will delete or anonymize all personal data related to general inquiries (e.g. feedback, suggestions, praise or complaints) no later than three and a half (3.5) years after we have given a final response.
If your inquiry relates to the exercise of data protection rights, your data will be archived and stored for a further three and a half (3.5) years solely for the purpose of defending potential legal claims. After this period, your data will be permanently deleted.
2.10. Business Operations Analysis
We create and use data models for a variety of analytical purposes to better understand how our products are marketed in different markets, which elements of our marketing and advertising campaigns are effective or ineffective, and to improve the design of our App and the overall user experience.
This includes an analysis:
§ your previous purchases;
§ your parameters;
§ your interactions with the App;
§ your use of the App function; and
§ your demographic information.
For this analysis, we remove any information that could directly identify you (such as your name, email address, or phone number) and instead use only a unique user identifier. This helps us to minimize the potential risks associated with the processing of personal data.
Legal basis: Our legitimate interest in evaluating and improving our business performance.
Retention period: We will create these data models for as long as you have an active account. After deleting your account, we will only use anonymized data.
In our App, you have the option to use your mobile device's operating system Map Service to find our pharmacies in your local area. This allows interactive maps to be displayed directly in the App.
In order to use the Map Services, the processing of your IP address is required as part of internet communication. It is usually processed on the server of the respective operating system provider. We have no influence on the specific processing of the data. Further information on the purpose and scope of data processing can be found in the data protection notice of the respective provider. There you will also find additional information about your rights and settings to protect your privacy.
Addresses of the provider and data protection notices:
§ Google Maps
o Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
o Privacy Policy: https://policies.google.com/privacy?hl=sr-Latn
o Terms of Service: https://maps.google.com/help/terms_maps.html
§ Apple Maps
o Apple Inc, One Apple Park Way, Cupertino, California, USA.
o Privacy Policy: https://www.apple.com/legal/privacy/de-ww/
o Terms of Use: https://www.apple.com/legal/internet-services/maps/terms-de.html
The use of the Map Services is based on our contractual relationship with you, as well as on our legitimate interest in presenting our offers in an attractive way and in facilitating the finding of the locations we have indicated in the App.
2.12. Links to other Websites and Applications
Our App may contain links to other websites and applications operated by us or other companies belonging to the Phoenix group, selected partners or other third parties. If you click on one of these links, you will be redirected to the website/app or to the corresponding app store.
In order to enable your redirection, we process the following information:
§ your customer ID;
§ information that you have opened a web display.
The links may also contain special tracking techniques that allow the operators of said websites/applications to understand and evaluate where the user has learned about them. We have no influence on the processing of data by these websites/apps. We recommend that you check the relevant privacy policy of each website/application to which you are redirected in order to understand what information about you is processed by the operator.
Legal basis: If we redirect you to one of these websites/applications, we process your personal data in order to fulfil your (technical) request to visit the respective application or website. The legal basis is the performance of pre-contractual steps at the request of the data subject.
Storage period: Personal data is only stored for as long as necessary to complete the redirection process.
2.13. Analysis of User Behaviour
When using the App, we create user segmentation profiles for the purposes of statistical analysis and assign these, if possible, to your person or your e-mail address or customer number. Unless this data is technically necessary to ensure the functionality of the App, we also collect and we use this data only if you have consented to our tracking technologies. This includes the following processing:
· Optimization of the App and its functions
· Improvement of usability and overall user experience
· Analysis of how App features are used.
In order to be able to display interest-based information to you, it is necessary to be able to assign the aforementioned analysis to you as a person. For this purpose, we establish a connection to your customer number from the time the registration is completed. Your consent to the provision of personalized information also covers this processing step.
Technical tracking technologies (required)
The App uses technical tracking technologies that are strictly necessary to ensure its operation, security, and performance. These technologies are used, for example, to detect technical errors, analyze crashes, and monitor performance. This processing does not require consent.
For these purposes, we use:
· Firebase Crashlytics
· Firebase Performance
· Infobip SDK
Statistical tracking technologies (optional)
With your consent, we use statistical tracking technologies to track user actions within the App on a pseudonymous basis. This enables us to better understand how the App is used and to improve its functionality. For this purpose, we use internal tracking application
The processing of statistical data takes place exclusively on a pseudonymous basis. You may withdraw your consent to the use of statistical tracking technologies at any time via the App settings. The legal basis for this processing is your consent.
3. Where does the data come from when it is not provided by the User?
In certain cases, we process personal data that you have not provided directly. This can happen when you register for MCCABES Plus and we identify that you are or have been a member of an existing loyalty program operated by MCCABES.
To ensure a seamless user experience and the continuity of your loyalty benefits, we will perform data pairing between the two programs. This process allows us to verify your status as a loyalty member in another MCCABES loyalty program and, if applicable, to transfer relevant data from the existing program to the new one.
The types of data that can be transmitted include:
- information about the current amount of your loyalty points;
- previous purchases, not including any health information, unless you have given your explicit consent; and
- previous participation in promotions, coupon redemptions, or other loyalty-related activities.
Legal basis: Our legitimate interest in ensuring the continuity of the program, accurate points management, and a consistent user experience.
Storage period: The data received will be stored in accordance with the retention periods defined in this Privacy Policy within the framework of relevant processing activities, for example previous purchases will be processed as long as your account is active.
In addition, when you place an order in MyMeds, the pharmacy where you have chosen to pick up your order will share with us the internal booking ID for your order and the information that you have picked up your order.
Furthermore, if you are an employee of MCCABES and have chosen to receive your employee benefits via the Service, MCCABES will provide us with information confirming your employee status and the amount of applicable discounts.
4. To which recipients do we transfer your personal data?
Your personal data will only be shared with third parties if permitted by law. This is the case if:
§ we have a legitimate interest in sharing your personal data for administrative purposes within the companies belonging to the Phoenix group, and your rights and interests in the protection of your personal data do not outweigh this interest;
§ you made an order in the MyMeds function. We will then send the following personal data to the pharmacy where you have chosen to collect your order:
o booking ID, date and status;
o your customer ID;
o name and surname; and
o product ID, name and quantity;
The company that manages your chosen pharmacy, which may not be MCCABES, processes this data under its own data privacy terms including subsequent processing of the purchase contract;
§ you are obtaining employee benefits via the Service. We will then send the information about the amount of your purchases to MCCABES; and
- we use third parties as data processors that we have carefully selected and who are contractually obliged to process your personal data exclusively in accordance with our instructions, for example: service providers belonging to the Phoenix group and external ones, who manage the data processing described in this Privacy Policy, marketing agencies, cloud service providers, security service providers, public authorities, etc.
5. Transfers to Third Countries
In certain circumstances, it may be necessary to transfer your personal data to recipients located in one or more third countries outside the European Union (EU) and the European Economic Area (EEA).
Some of these third countries have been recognised by the European Commission as providing an adequate level of data protection comparable to that in the EU, in accordance with an adequacy decision. An updated list of such countries is available here (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). For service providers based in the United States, this adequacy finding applies only when the recipient is certified under the EU-U.S. Data Privacy Framework.
In the absence of an adequacy decision, we ensure that such international data transfers are protected by appropriate legal mechanisms. These may include, but are not limited to, binding corporate rules, standard contractual clauses adopted by the European Commission, certification mechanisms, or adherence to approved codes of conduct.
Unless expressly stated otherwise, any transfer of personal data to a third country is carried out on the basis of an adequacy decision or one of the above safeguards. For further information, or if you wish to exercise your data protection rights in relation to international data transfers, you can contact our Data Protection Officer (see section 1 of this Policy).
6. What rights do you have with regard to the processing of your data?
As a personal data owner, you can exercise the following rights at any time and free of charge:
§ To request information about the personal data stored about you;
§ To correct inaccurate or incomplete data. You can do this yourself in the Account section of the App;
§ To request the deletion of your data if it is no longer necessary for the purposes for which it was collected, among other reasons. You can delete your account yourself in the Account section of the App;
§ To request that we restrict the processing of your data when any of the conditions provided for by the data protection regulations are met;
§ For reasons relating to your specific circumstances in relation to the processing of your data, you may object to said processing. MCCABES and Phoenix will cease to process the data unless there are compelling legitimate reasons for not doing so, or for the purpose of processing or defending against possible legal claims;
§ To request portability of your data;
§ Where data processing is based on your consent to withdraw your consent at any time which will affect the data processing from the time you withdraw your consent. You can do this yourself in the Account section of the App; and
§ To file a complaint against MCCABES regarding these rights you can contact the Irish Data Protection Commissioner (www.dataprotection.ie). In addition, if you believe that any of your rights under applicable data protection laws have been violated by either of the Phoenix companies, you can also contact the Spanish Data Protection Agency (www.agpd.es) or the German Data Protection Agency (www.baden-wuerttemberg.datenschutz.de)
