Privacy Policy

Last updated: 9 June 2026

This Privacy Policy explains how Nexcea Limited ("we", "us", "our") collects and uses personal data when you use RxLens. We are the data controller for that personal data. We are committed to handling your data in line with the UK GDPR and the Data Protection Act 2018.

Note on the dispensing data: the NHS Secondary Care Medicines Data shown in RxLens is aggregate, non-personal data about medicines dispensed by NHS Trusts. It does not contain patient or personal information. This policy concerns the personal data of RxLens users.

1. Who we are

Nexcea Limited, a company registered in England and Wales (company no. 12542772), registered office Adamson House, Wilmslow Road, Manchester, M20 2YY. We are registered with the Information Commissioner’s Office (ICO), registration reference ZA768010. Contact: rxlens@nexcea.com.

2. The personal data we collect

Account data: name, email address, organisation, and password (stored in hashed form).
Billing data: handled by Stripe. We receive limited information such as your billing name, subscription status and the last four digits of your card — we do not store full card details.
Usage data: how you interact with the dashboard (e.g. features used, saved views), and technical data such as IP address, browser type and device information.
Communications: messages you send us and your report/email preferences.

3. How and why we use your data (lawful bases)

To provide the Service — create and manage your account, give access to the dashboard (lawful basis: performance of a contract).
To take payment — process subscriptions and prevent fraud (contract; legal obligation).
To send service and report emails — including the monthly update report you opt into (contract; consent for optional marketing, which you can withdraw at any time).
To improve and secure the Service — analytics, troubleshooting and security (legitimate interests).
To comply with the law — accounting, tax and legal requests (legal obligation).

4. Who we share it with

We share personal data only with service providers who help us run RxLens, under appropriate agreements, including: our payment processor (Stripe), our hosting provider, our email provider, and analytics tools. We may disclose data where required by law. We do not sell your personal data.

5. International transfers

Some providers may process data outside the UK. Where they do, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement / Addendum.

6. How long we keep it

We keep account and billing data for as long as you have an account and for as long afterwards as needed to meet legal, accounting and tax obligations. We then delete or anonymise it.

7. Your rights

Under UK data protection law you have the right to access, correct, erase, restrict or object to processing of your personal data, to data portability, and to withdraw consent where we rely on it. To exercise any right, email rxlens@nexcea.com. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk, though we'd appreciate the chance to help first.

8. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

9. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit and restricted access. No method of transmission or storage is completely secure, but we work to protect your information and to notify you and the ICO of any breach where required.

10. Children

RxLens is not intended for anyone under 18, and we do not knowingly collect their data.

11. Changes

We may update this policy. We will post the updated version with a new date and, where changes are material, take reasonable steps to notify you.

12. Contact

Questions about your privacy: rxlens@nexcea.com.