GDPR Notice

  • Oct, 15 2025
  • 0 Comments

Data Controller and Scope

This General Data Protection Regulation (GDPR) Notice explains how RxNorth (website: rxnorth.su) processes personal data in the United Kingdom in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The data controller is: RxNorth, owned by Kate Arthy, Tesco Superstore, Angel Drove, ELY, CB7 4DJ, United Kingdom. Email: [email protected].

This notice applies to personal data processed when you visit our website, interact with our content, contact us, or otherwise engage with RxNorth.

Purpose and Context of the Service

RxNorth provides educational, evidence-based information about pharmaceuticals, diseases, medications, dosages, side effects, drug interactions, and related health topics. RxNorth is not a healthcare provider and does not offer medical diagnosis or treatment. Our content is for educational purposes only and should not be used as a substitute for professional medical advice.

Legal Bases for Processing

We process personal data only where a lawful basis applies. Depending on the context, we rely on the following legal bases:

  • Consent: for non-essential cookies/technologies and optional communications where you choose to opt in.
  • Legitimate Interests: to operate, secure, and improve our website; to prevent fraud and abuse; to understand content performance; and to respond to your queries. We balance these interests against your rights and reasonable expectations.
  • Legal Obligation: to comply with UK law and regulatory requirements (e.g., responding to lawful requests).
  • Contract: if we enter into an agreement with you that requires processing (e.g., fulfilling a request you explicitly make that forms part of a contract-like interaction).

Purposes of Processing

  • Website operation and security (e.g., loading pages, preventing misuse, error monitoring).
  • Audience measurement and performance analytics (e.g., understanding which pages are visited and for how long).
  • User communications (e.g., responding to inquiries or feedback you send us).
  • Record-keeping and compliance (e.g., data needed to demonstrate compliance with data protection obligations).

Categories of Personal Data

  • Technical and usage data: IP address, device identifiers, browser type/version, operating system, referral URLs, pages viewed, time spent, timestamps, error logs, and similar diagnostic data.
  • Cookie and similar technology data: identifiers stored and retrieved from your device where permitted.
  • Contact and correspondence data: name, email address, and any information you include when you contact us.

Special Category (Health) Data

We do not seek to collect special category data (including health data). Please do not include personal health information in communications with us. If you voluntarily disclose such information, we will process it only as necessary to respond to your inquiry and based on your explicit consent, which you may withdraw at any time. We will minimize and, where appropriate, delete such information.

Sources of Personal Data

  • Directly from you when you contact us or otherwise provide information.
  • Automatically from your device when you access our website (technical and usage data).

Cookies and Similar Technologies

We use cookies and similar technologies to operate our site and, where permitted, to analyze performance. You can manage non-essential cookies via your browser settings and applicable consent controls (where provided). Categories may include:

  • Strictly necessary cookies: required for basic site functionality and security.
  • Performance/analytics cookies: help us understand how content is used and improve user experience (used only with consent where required).
  • Functional cookies: remember choices to enhance your experience (used only with consent where required).

Advertising cookies are not used for interest-based advertising on RxNorth.

Analytics and Online Identifiers

Where we use analytics, we aim to minimize data, aggregate usage where possible, and apply retention limits. Analytics may collect IP address (which may be truncated or pseudonymized), device and browser information, and interaction metrics. We use this information to understand content performance and improve our service, based on consent where required or legitimate interests where appropriate.

Disclosures and International Transfers

We may share personal data with trusted service providers who act as processors under written contracts, including hosting, security, error tracking, analytics, and communications providers. These processors are bound by confidentiality and data protection obligations and may process data only on our instructions.

Where personal data is transferred outside the UK, we will ensure appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, supplemented as necessary by transfer risk assessments and additional safeguards.

We may also disclose data to competent authorities where required by law, to protect rights and safety, or in connection with a business reorganization.

Data Retention

We retain personal data only for as long as necessary for the purposes described in this notice, including to comply with legal, accounting, or reporting requirements. Typical retention periods are:

  • Technical and usage data: short periods necessary for security, diagnostics, and analytics, after which data is aggregated or deleted.
  • Correspondence data: retained for the duration required to address your inquiry and for a reasonable period thereafter to maintain records of our communications and compliance.

When retention is no longer necessary, data is securely deleted or anonymized.

Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Measures include access controls, encryption in transit where applicable, least-privilege principles, and routine monitoring for anomalies. We regularly review and update our safeguards.

Your Rights Under UK GDPR

Subject to applicable law and certain exemptions, you have the following rights:

  • Access: to obtain confirmation and a copy of your personal data.
  • Rectification: to correct inaccurate or incomplete data.
  • Erasure: to request deletion of your data in specified circumstances.
  • Restriction: to request restriction of processing in specified circumstances.
  • Portability: to receive data you provided in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
  • Objection: to object to processing based on legitimate interests and to direct marketing (we do not conduct direct marketing without consent).
  • Withdrawal of consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Rights related to automated decision-making: you have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

Exercising Your Rights

To exercise your rights or make a privacy request, please contact the controller using the details below. We may need to verify your identity before responding. We aim to respond within one month, extendable by two further months where requests are complex or numerous. We do not charge a fee unless requests are manifestly unfounded or excessive.

Automated Decision-Making and Profiling

RxNorth does not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Children’s Data

Our website is intended for adults. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can take appropriate action.

Data Minimisation and Accuracy

We collect only the personal data necessary for the stated purposes and take reasonable steps to keep it accurate and up to date. Please notify us if your contact details change.

Breach Notification

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) and, where required, affected individuals without undue delay.

Changes to This Notice

We may update this notice from time to time. Material changes will be effective upon posting on this page with an updated effective date. Please review this notice periodically.

Contact Information

Data Controller: RxNorth

Owner: Kate Arthy

Postal Address: Tesco Superstore, Angel Drove, ELY, CB7 4DJ, United Kingdom

Email: [email protected]

Complaints to the Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). While you may contact the ICO at any time, we encourage you to contact us first so we can address your concerns promptly.

Effective Date

This notice is effective as of the date of publication and will be reviewed periodically for accuracy and compliance.

Search Keywords
Categories
Archives
Menu

© 2025. All rights reserved.