Healthxchange Pharmacy UK Limited
(www.healthxchange.com)
COOKIE POLICY
Last updated:
June 2026
Contents
- 1. What Are Cookies?
- 2. Data Controller
- 3. How We Obtain Your Consent
- 4. How to Change or Withdraw Your Consent
- 5. Cookie Categories We Use
- 6. Full Cookie Declaration
- 7. Third-Party Providers
- 8. How Long Do Cookies Last?
- 9. Disabling Cookies via Your Browser
- 10. Changes to This Cookie Policy
- 11. Contact and Complaints
1. What Are Cookies?
Cookies are small text files placed on your device (computer, tablet or phone) by a website when you visit it. They are widely used to make websites work efficiently, to remember your preferences, and to provide information to the website operator. This Cookie Policy explains what cookies and similar technologies (such as local storage, session storage, and IndexedDB) are used on www.healthxchange.com and shop.healthxchange.com, why we use them, and how you can control them. It should be read alongside our Privacy Policy.
2. Data Controller
This Website is operated by Healthxchange Pharmacy UK Limited, a company registered in England and Wales at 1st Floor Sackville House, 143-149 Fenchurch Street, London, EC3M 6BL (company number 01999872). Healthxchange’s registration number with the UK Information Commissioner’s Office is ZB137616. If you have any questions about this Cookie Policy or our use of cookies, please contact the Data Protection Officer at dpo@healthxchange.com.
3. How We Obtain Your Consent
When you first visit our Website, a consent banner (provided by Cookiebot by Usercentrics) will appear. This gives you a clear choice:
- Allow — consent to all cookie categories
- Deny — decline all non-essential cookies (only strictly necessary cookies will be set)
- Details tab — choose which categories you consent to individually (Statistics, Marketing)
Non-essential cookies will not be placed on your device until you have given your consent. If you click Deny, only cookies that are strictly necessary for the Website to function will be used. All non-essential cookie categories default to off and require your active opt-in before they are enabled. Our Website uses Google Consent Mode, which means that advertising and analytics signals are only passed to Google’s platforms after you have given your consent.
4. How to Change or Withdraw Your Consent
You can change or withdraw your cookie consent at any time. Consent must be as easy to withdraw as it was to give. To change your preferences:
- Click the Cookiebot privacy trigger icon (the small floating icon at the bottom of the screen), or
- Click the “Manage Cookies” link in the website footer
Either option will reopen the consent dialog, allowing you to change your selections or withdraw consent entirely. When you withdraw consent for a cookie category, those cookies will be deleted from your device. You can also control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, the consent tool described above is the easiest and most reliable way to manage your preferences on this Website.
5. Cookie Categories We Use
5.1 Strictly Necessary Cookies
These cookies are essential for the Website to function. They enable core features including bot protection, load balancing, CSRF security, session state, and the storage of your consent preferences. The Website cannot operate properly without them, and they cannot be declined. Examples include: the Cookiebot consent cookie, Cloudflare bot protection cookies, Microsoft Azure load balancer cookies, and session and security cookies set by healthxchange.com.
5.2 Statistics Cookies
These cookies collect information about how visitors use the Website — which pages are visited, how long sessions last, and where errors occur. This helps us improve the Website and your experience. These cookies are only set after you have given your consent. Our statistics cookies include tools that provide:
- Page-level analytics (Google Analytics, Google Analytics 4 — three active properties)
- Session recording and heatmaps (Hotjar) — Hotjar may visually record how you interact with the Website, including mouse movements, clicks, and scrolling. Recordings are used solely to identify usability issues and improve the Website. No password fields or payment details are captured.
- Session recording and heatmaps (Microsoft Clarity) — as above, used solely for Website improvement purposes.
- Error monitoring and session replay (Sentry)
- Embedded video interaction tracking (Vimeo)
- Font usage tracking (Adobe Typekit — anonymised, no visitor data)
- Internal visit and activity tracking (healthxchange.com first-party cookies)
5.3 Marketing Cookies
Marketing cookies are used to track visitors across websites, to measure the performance of advertising campaigns, and to build a profile of your interests so that relevant advertisements can be shown to you. These cookies are only set after you have given your consent. Our marketing cookies include tools operated by:
- Meta / Facebook (Facebook Pixel — ad delivery, real-time bidding and conversion tracking)
- Google (Google Ads / DoubleClick — ad targeting and conversion tracking)
- Microsoft (Bing UET — ad conversion tracking and visitor targeting across Microsoft / Bing Ads)
- LinkedIn (LinkedIn Insight Tag — B2B ad conversion tracking and audience building)
- Emarsys / Scarab Research (email marketing retargeting and ad personalisation)
- Shopify (behavioural data collection for ad relevance via shop.healthxchange.com)
You can decline all marketing cookies by clicking “Deny” on the consent banner or by deselecting the Marketing category in the cookie settings.
5.4 Unclassified Cookies
The Cookiebot declaration currently lists a small number of items as unclassified while they are being reviewed and categorised. We aim to keep this number to a minimum and to resolve all pending items promptly.
6. Full Cookie Declaration
A detailed, auto-updated list of every cookie and storage item in use on this Website — including its name, provider, purpose, and expiry — is maintained by Cookiebot and is embedded at the bottom of this page. This declaration is automatically updated each time Cookiebot scans the Website, so it always reflects the cookies currently in use. The most recent scan date is shown at the top of the declaration. As of the last scan (11 May 2026), 59 items were declared across 5 categories.
7. Third-Party Providers
The following third-party providers set cookies or similar technologies on this Website. Each operates under its own privacy policy:
| Provider | Purpose | Further Information |
|---|---|---|
| Cloudflare | Bot protection and CDN (CAPTCHA, load balancing) | cloudflare.com/privacypolicy |
| Cookiebot / Usercentrics | Cookie consent management | cookiebot.com/en/privacy-policy |
| Google (Analytics, Ads, Tag Manager, DoubleClick) | Website analytics, ad conversion tracking, ad targeting | policies.google.com/privacy |
| Hotjar | Session recording and heatmaps | hotjar.com/legal/privacy |
| Microsoft (Clarity, Azure, Bing UET) | Session recording, load balancing, Bing Ads conversion tracking | privacy.microsoft.com |
| Meta Platforms (Facebook) | Ad targeting and conversion tracking via Facebook Pixel | facebook.com/privacy/policy |
| B2B ad conversion tracking via LinkedIn Insight Tag | linkedin.com/legal/privacy-policy | |
| Emarsys / Scarab Research | Email marketing automation and ad retargeting | emarsys.com/privacy-policy |
| Adobe Typekit | Web fonts (anonymised font usage tracking) | adobe.com/privacy/policies/typekit |
| Sentry | Error monitoring and session replay for internal analysis | sentry.io/privacy |
| Algolia | Site search functionality | algolia.com/policies/privacy |
| Salesforce (Experience Cloud) | CRM integration — data flow under review | salesforce.com/company/privacy |
| Trustpilot | Reviews widget | legal.trustpilot.com/for-reviewers/end-user-privacy-terms |
| Boost Toad | Analytics / tag management — purpose under review | Contact DPO for details |
| Shopify (shop.healthxchange.com) | E-commerce platform, behavioural analytics | shopify.com/legal/privacy |
8. How Long Do Cookies Last?
Cookies have different lifespans:
- Session cookies are deleted automatically when you close your browser.
- Persistent cookies remain on your device for a set period (from one day to two years, depending on the cookie) or until you delete them.
- Local storage and IndexedDB items persist until cleared by the Website or by you through your browser settings.
The specific expiry for each item is shown in the Cookiebot cookie declaration embedded in Section 6.
9. Disabling Cookies via Your Browser
Most browsers allow you to refuse to accept cookies and to delete cookies already stored. The methods vary by browser; you can find up-to-date guidance via your browser’s Help function or at www.allaboutcookies.org. Please note that blocking strictly necessary cookies will affect the functionality of this Website. You can manage non-essential cookie preferences specifically for this Website using the Cookiebot privacy trigger icon at the bottom of the screen.
10. Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in the cookies we use or for legal, regulatory, or operational reasons. The “Last updated” date at the top of this page shows when the policy was most recently revised.
11. Contact and Complaints
If you have any questions about this Cookie Policy, please contact: Data Protection Officer Healthxchange Pharmacy UK Limited 1st Floor Sackville House, 143-149 Fenchurch Street, London, EC3M 6BL Email: dpo@healthxchange.com If you are unhappy with how we handle cookies or your personal data, you have the right to complain to the UK Information Commissioner’s Office (ICO): Information Commissioner’s Office www.ico.org.uk