Privacy Policy
How we collect, use, and protect your personal information
Last updated: January 2026
1. Introduction
Stellar Online ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services.
We are a pharmacy registered with the General Pharmaceutical Council (GPhC) and operate in compliance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
As a pharmacy, we process health-related data, which is classified as "special category data" under UK GDPR. We take extra care to protect this sensitive information.
2. Data Controller
Stellar Online Health Ltd (trading as Stellar Online) is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: orders@stellaronline.co.uk
- Address: Unit 8e, Duchy Business Centre, Wilson Way, Redruth TR15 3RT
3. Information We Collect
We collect the following types of personal data:
3.1 Information you provide directly
- Account information: Name, email address, password (encrypted), phone number
- Delivery information: Postal address, delivery instructions
- Payment information: Card details (processed securely by our payment provider; we do not store full card numbers)
- Order information: Products ordered, order history, preferences
- Communications: Emails, enquiries, feedback, and complaints you send us
3.2 Health-related information (Special Category Data)
As a pharmacy, we may collect health information including:
- Information about remedies you order
- Practitioner details if ordering on prescription or recommendation
- Any health information you voluntarily provide in communications
3.3 Technical information collected automatically
- IP address and approximate location
- Browser type and version
- Device information
- Pages visited and time spent on our website
- Cookies and similar technologies (see our Cookie Policy)
4. How We Use Your Information
We use your personal data for the following purposes and legal bases:
4.1 To fulfil our contract with you
- Process and dispatch your orders
- Manage your account
- Provide customer service and respond to enquiries
- Process refunds and handle returns
- Send order confirmations and shipping updates
4.2 For our legitimate interests
- Improve our website and services
- Prevent fraud and security issues
- Analyse website usage and performance
- Train our staff to provide better service
4.3 To comply with legal obligations
- Maintain pharmacy records as required by law
- Respond to regulatory enquiries
- Report adverse events to the MHRA if required
- Comply with tax and accounting requirements
4.4 With your consent
- Send marketing communications (you can opt out at any time)
- Set non-essential cookies
4.5 Processing of health data
We process health-related special category data under the following legal bases:
- Explicit consent: Where you provide health information voluntarily
- Healthcare purposes: Where processing is necessary for the provision of healthcare services (Schedule 1, Part 1, Paragraph 2 of the Data Protection Act 2018)
- Substantial public interest: Where processing is necessary for reasons of public interest in the area of public health
5. Who We Share Your Data With
We may share your personal data with:
5.1 Service providers
- Delivery companies: Royal Mail and courier services to deliver your orders
- Payment processors: To securely process your payments
- IT service providers: For website hosting, maintenance, and security
- Email service providers: To send order confirmations and communications
5.2 Professional parties
- Healthcare practitioners: If you request us to share order information with your practitioner
- Regulatory bodies: Such as the GPhC or MHRA where required by law
- Legal and professional advisers: Where necessary for legal proceedings or advice
5.3 Legal requirements
We may disclose your data where required by law, court order, or regulatory requirement.
We do not sell your personal data to third parties.
6. International Transfers
Your personal data is primarily stored and processed within the United Kingdom. Where we use service providers based outside the UK, we ensure appropriate safeguards are in place:
- Transfers to countries with adequate data protection laws recognised by the UK
- UK International Data Transfer Agreements (IDTA) or UK Addendum to Standard Contractual Clauses
- Other approved transfer mechanisms under UK data protection law
7. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:
- Account information: While your account is active, plus 6 years after closure
- Order records: 6 years from the date of transaction for tax and legal purposes
- Pharmacy records: As required by pharmaceutical regulations (typically 2-6 years depending on the type of record)
- Marketing preferences: Until you withdraw consent
- Website analytics: Typically 26 months
8. Your Rights
Under UK GDPR, you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data (subject to legal obligations)
- Right to restriction: Request we limit how we use your data
- Right to data portability: Request your data in a machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Where processing is based on consent
To exercise any of these rights, please contact us at orders@stellaronline.co.uk. We will respond within one month.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- Encryption of data in transit (HTTPS/TLS)
- Secure, encrypted storage of passwords
- PCI-DSS compliant payment processing
- Access controls and staff training
- Regular security assessments
- Secure disposal of data when no longer needed
10. Cookies
We use cookies and similar technologies on our website. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.
11. Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you are under 16, please do not provide any personal information without parental consent. If we become aware that we have collected data from a child under 16 without appropriate consent, we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. The "Last updated" date at the top indicates when the policy was last revised.
13. Complaints
If you have concerns about how we handle your data, please contact us first at orders@stellaronline.co.uk. We will try to resolve your concern.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
- Website: www.ico.org.uk
- Helpline: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
14. Contact Us
For any questions about this Privacy Policy or our data practices, please contact:
- Email: orders@stellaronline.co.uk
- Address: Unit 8e, Duchy Business Centre, Wilson Way, Redruth TR15 3RT
- Or use our Contact page