By on September 4, 2023

Scope and Controller

This Data Protection Notice describes how Meds-Easy.com: Your Pharmaceuticals Guide ("Meds-Easy.com," "we," "us," or "our") processes personal data in accordance with the European Union General Data Protection Regulation (GDPR) and applicable United States privacy laws. This Notice applies to personal data collected through meds-easy.com and related communications.

Controller: Lila Kensington, 1111 110th Ave NE, Bellevue, WA 98004, United States. Primary privacy contact: [email protected].

We are a U.S.-based informational website and do not operate as a pharmacy or sell medications. We do not require users to create accounts to access content.

Categories of Personal Data Collected

  • Contact Data: name, email address, and any other details you provide when contacting us.
  • Browsing and Device Data: IP address, device identifiers, browser type, operating system, pages viewed, referring URLs, date/time stamps, and approximate location derived from IP address.
  • Content You Provide: the text of inquiries or feedback you submit, which may incidentally include health-related information if you choose to provide it.
  • Cookies and Similar Technologies Data: identifiers and preferences associated with cookies, pixels, and local storage.
  • Administrative and Compliance Data: records necessary for security, fraud prevention, legal demands, or rights requests.

Sources of Personal Data

  • Directly from you when you contact us or submit information.
  • Automatically from your device and browser through cookies and similar technologies.
  • From service providers (e.g., analytics) that help us operate and improve the site.

Purposes and Legal Bases for Processing

GDPR Legal Bases

  • Consent: placing or reading non-essential cookies; processing optional health-related information you voluntarily submit; sending marketing communications where applicable.
  • Legitimate Interests: operating, maintaining, and improving our website; measuring audience and performance; preventing fraud and ensuring security; responding to your inquiries. We balance these interests against your rights and expectations.
  • Legal Obligations: complying with applicable laws, regulations, and lawful requests.
  • Contractual Necessity: providing requested communications or services you ask us to perform.

U.S. Business Purposes

  • Site operation, security, debugging, and fraud prevention.
  • Analytics, research, and service improvement.
  • Communications in response to your requests.
  • Compliance with legal, regulatory, and audit requirements.

We may de-identify or aggregate data for research, analytics, and service improvement. We will not attempt to re-identify de-identified data except as permitted by law.

Cookies and Similar Technologies

We use cookies, pixels, and similar technologies to operate our site, remember preferences, measure traffic, and understand content performance. You may manage cookies via your browser settings and, where available, through our on-site cookie choices interface. If your browser sends a Global Privacy Control (GPC) signal, we will treat it as a request to opt out of sale/sharing and targeted advertising to the extent required by applicable U.S. state laws.

Do Not Sell or Share and Targeted Advertising

We do not sell personal information for money. We may allow certain third-party analytics or advertising partners to collect browsing data via cookies or similar technologies, which could be considered a "share" or use for targeted advertising under some U.S. state laws.

You may opt out of sale/sharing and targeted advertising by adjusting your cookie preferences, enabling GPC in a supported browser, or contacting us at [email protected]. We will honor such opt-out requests as required by law.

Data Sharing and Disclosures

  • Service Providers: hosting, security, analytics, and support providers that process data on our behalf under contractual safeguards.
  • Analytics and Measurement Partners: to understand site usage and improve content.
  • Legal and Compliance: to comply with laws, respond to lawful requests, and protect rights, safety, and property.
  • Business Transfers: in connection with a merger, acquisition, or asset transfer, subject to appropriate safeguards.

We do not disclose your contact details to third parties for their direct marketing independent of us.

International Data Transfers

We are located in the United States and process data primarily in the United States. If you are in the EEA, UK, or Switzerland, your data may be transferred to countries that may not provide the same level of data protection as your home jurisdiction. Where required, we implement appropriate safeguards, such as standard contractual clauses with processors, and take reasonable technical and organizational measures to protect your data.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Notice, including security, legal, tax, and accounting requirements, after which it is deleted or anonymized. Typical retention periods vary by category and context, and we regularly review data we hold and remove it when it is no longer needed.

Data Security

We employ administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. While we strive to protect your data, no method of transmission or storage is completely secure.

Sensitive and Health-Related Information

We do not require you to submit health information to use our site. If you voluntarily provide health-related information in a message to us, we process it only for the purpose of responding to your inquiry and in accordance with your consent where required. Meds-Easy.com is not a covered entity or business associate under HIPAA, and the site is not intended for the transmission of Protected Health Information.

Children’s Privacy

Our site is not directed to children under 13, and we do not knowingly collect personal information from them. If we learn that a child under 13 has provided personal information, we will delete it promptly. Parents or guardians who believe a child has provided personal information may contact us at [email protected].

Your Rights

GDPR (EEA/UK/CH) Rights

  • Access: obtain confirmation and a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion in certain circumstances.
  • Restriction: request restriction of processing under specific grounds.
  • Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
  • Objection: object to processing based on legitimate interests and to direct marketing.
  • Withdraw Consent: withdraw consent at any time where processing is based on consent.
  • Complaint: lodge a complaint with a supervisory authority in your habitual residence or place of work.

U.S. State Privacy Rights (e.g., CA, CO, CT, UT, VA)

  • Right to Know/Access: request the categories and specific pieces of personal information we collected about you.
  • Right to Correct: request correction of inaccurate personal information.
  • Right to Delete: request deletion of personal information, subject to exceptions.
  • Right to Opt Out: opt out of sale/sharing of personal information and targeted advertising.
  • Right to Data Portability: receive certain information in a portable format.
  • Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information for purposes requiring a right to limit under California law.
  • Non-Discrimination: we will not discriminate against you for exercising your rights.
  • Appeal: residents of certain states may appeal our decision regarding a request within a reasonable period.

How to Exercise Your Rights

You may submit requests by emailing [email protected]. Please specify the right you wish to exercise and provide sufficient information to verify your identity (e.g., the email address you used to contact us and details of your interaction with our site). We may ask for additional information solely to verify your request.

We aim to respond within the timeframes required by applicable law (e.g., one month under GDPR and 45 days under California law, with permitted extensions where necessary). Authorized agents may submit requests on your behalf where allowed by law, subject to proof of authorization and identity verification.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects, nor do we conduct profiling for such purposes.

Data Protection by Design and Accountability

We maintain policies and technical measures intended to integrate data protection into our processing activities, limit access to personal data, and review processors for appropriate safeguards. We perform risk-based assessments and, where required, data protection impact assessments for higher-risk processing.

Third-Party Links

Our site may contain links to third-party websites or content. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy notices before providing personal information.

Changes to This Notice

We may update this Notice periodically to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the date of the latest revision on this page. Continued use of the site after an update constitutes acceptance of the updated Notice.

Contact

Controller and Primary Contact: Lila Kensington

Address: 1111 110th Ave NE, Bellevue, WA 98004, United States

Email: [email protected]

Write a comment

Your email address will not be published. Required fields are marked *