Privacy policy


Galenic Laboratories Limited (company number 11155161), trading as Roseway Labs, is a provider of pharmacy services to private prescribers who are registered to prescribe in the UK. It is registered with the ICO, number 00010413410. Roseway Labs operates from Zetland House, 5-25 Scrutton Street, London EC2A 4HJ. We can be contacted on 03330 505565 or info@rosewaylabs.com.

You are confirming that you agree to the terms of our privacy policy when you use our services or our website. Please contact us at info@rosewaylabs.com if you have any questions.


Patient Data

Personal information, relating to a patient, is passed to us by a prescriber in order to fulfil a prescription or a retail order. The data that is passed includes name, address, contact details, date of birth, any relevant medical history and the items ordered by the prescriber.


Processing patient data

The lawful basis for processing a patient’s personal data is that it is necessary for legitimate interests.

Medical data is classified as ‘sensitive personal data’ and we are required to process this special category data in order to provide healthcare treatment. Our pharmacists, or a technician working under their supervision, are responsible for the processing of sensitive personal data in order to provide the requested treatment.


Use of patient data

We use a patient’s data to provide the goods and services requested by a prescriber, or by the patient directly. This includes fulfilling the prescription and order, taking payments, arranging delivery and providing information updates in relation to the order.

Where a prescriber deems it necessary to pass us relevant medical history, it is to inform our pharmacists about relevant conditions or medicines that a patient may already be taking, which could have an impact on, or interaction with, any prescribed medication. Equally, we may pass information to a prescriber about any adverse reaction or sensitivity to certain ingredients that a patient may have told us about. These exchanges are made with the purpose of safeguarding health and improving the personalisation of the medication.

We only work with prescribers who have agreed to our terms and conditions, which expressly lay out each party’s responsibilities with regard to patient data. Equally, contracts govern the way that data is managed by our third-party suppliers.


Storing patient data

We retain records of patient data on our systems, which are protected by password access and securely hosted on cloud-based servers within the EU.

Under the Human Medicine Regulations 2012, we have a legal duty to retain records for a minimum period of five years and in some cases, for longer.


Sharing patient data

Patient data will not be shared with other organisations unless it is necessary for the provision of our or related services, such as delivering the order or where there is a legal requirement to do so. In these situations, we provide only that information which is essential to deliver the service or comply with the law.

Roseway Labs will not sell the data that it holds to anyone, for any reason. Any third-party organisation with access to patient data is not allowed to use it for their own commercial purposes.

Hence, a patient or prescriber should never be contacted by one of our third-party suppliers for marketing purposes or any purpose other than that related to the service they are providing for Roseway Labs. If contact is made for a reason other than delivering the designated service, the recipient should inform Roseway Labs as soon as is practicable and action will be taken.



We take the responsibility of looking after patient data, seriously. We operate in a secure office, within a secure building. Our operating procedures are designed to protect the data we hold and we have appropriate security measures in place to protect our physical and electronic systems from unauthorised access or use.

Transferring data to a third party for a particular service requirement, such as delivery, may involve using the telephone, email or internet. Whilst we have data agreements in place with our suppliers, we cannot be held liable for breaches of data security through use of these communication channels.

Roseway Labs is helping to pilot a new way of protecting electronically archived data, which would significantly decrease the risk of security breaches.


Right to request access

Any patient, whose records we hold, can request a copy of their personal information. Roseway Labs must provide this within one month of the request being made and, in most circumstances, there will be no charge.

When making a request, we will need to identify the requestor (in order to detect any fraudulent requests). As well as basic personal information, we would need to see either a current and valid passport or a current driving license photocard.


Right to request changes

Any patient has the right to request a change to their personal data held by Roseway Labs, where they believe that data is incorrect. The request must first be made in writing to info@rosewaylabs.com, clearly stating what change is requested and the reason for it. Roseway Labs has the right to request proof to validate the request or to decline the request, should there be insufficient evidence to endorse the change.


Changes to the Privacy Policy

We regularly review and where necessary, update our privacy information. If we plan to use data for a new purpose, we would communicate these changes to all individuals before starting any new processing. Please check this privacy policy from time to time, to see whether any changes have been made.


Marketing communications

We require individual permission to send our marketing information and updates to patients and prescribers. We will never sell personal or medical data to a third party.



We are always receptive to your concerns and feedback regarding our services or products. Any complaint will be dealt with formally if it is received in writing, in accordance with our internal complaints procedure. Outcomes will be communicated to the complainant in writing and if no further correspondence is received within 28 days, the matter will be deemed to have been resolved.