Privacy

  • Oct, 15 2025
  • 0 Comments

Scope and Controller

This Privacy Policy explains how RxNorth (the "Website") collects, uses, discloses, and safeguards personal data in the United Kingdom. It applies to visitors and users who access or interact with the Website and any related services that reference this policy.

The data controller is: RxNorth, owned by Kate Arthy, Tesco Superstore, Angel Drove, ELY, CB7 4DJ, United Kingdom. Contact: [email protected].

By using the Website, you acknowledge this Privacy Policy. Where required by law, we will seek your consent before processing certain personal data (for example, for analytics cookies).

Legal Basis and Framework

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

We rely on the following lawful bases, as appropriate to each purpose: consent, legitimate interests (balanced with your interests and rights), legal obligation, and, where relevant, performance of or steps taken at your request prior to entering into a contract (for example, if you subscribe to a requested service).

Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identification and contact data: name and email address when you contact us or subscribe to updates.
  • Communications data: the content of emails or messages you send to us and our responses.
  • Usage and technical data: IP address, device identifiers, browser type and version, time zone, operating system, pages viewed, referring/exit pages, and interaction data gathered through server logs and similar technologies.
  • Cookie and consent data: information about your cookie preferences and consent choices recorded through our consent tools.
  • Preference data: settings, interests, and feedback you provide (e.g., surveys or optional forms).
  • User-submitted content: comments, queries, or materials you choose to submit to us.
  • Information from third parties and public sources: limited data from service providers (e.g., security or analytics) and publicly available sources, where lawful.

We do not intentionally collect special category data (e.g., health data) through the Website. Please avoid sharing sensitive information in free-text fields or emails.

Purposes and Lawful Bases of Processing

  • Provide and operate the Website, including troubleshooting, support, and availability monitoring (lawful basis: legitimate interests to run and protect our services).
  • Respond to your enquiries and communications (lawful basis: legitimate interests to address user requests; or consent where you request specific follow-up).
  • Send optional updates or newsletters if you sign up (lawful basis: consent; you may withdraw consent at any time).
  • Improve content, functionality, and user experience, including analytics and performance measurement (lawful basis: legitimate interests; where PECR requires, analytics cookies are used only with your consent).
  • Maintain security, detect and prevent fraud or abuse, and ensure integrity of systems (lawful basis: legitimate interests and/or legal obligation).
  • Comply with legal obligations and respond to lawful requests (lawful basis: legal obligation).
  • Create aggregated or anonymised statistics for reporting and service improvement (lawful basis: legitimate interests).

Cookies and Similar Technologies

We use cookies and similar technologies to operate the Website, remember your preferences, and, where you consent, measure performance. You can manage your preferences via our cookie banner or your browser settings.

  • Strictly necessary cookies: essential for core site functions (no consent required under PECR).
  • Functional cookies: remember settings and enhance usability (consent may be required depending on function).
  • Analytics/performance cookies: help us understand how the Website is used (set only with your consent where required by PECR).

We do not currently use advertising cookies. If this changes, we will update this policy and seek consent before setting such cookies.

You may withdraw consent at any time via the cookie banner (where available) or by clearing/adjusting cookies in your browser. Some features may not function properly without certain cookies. We do not respond to Do Not Track signals at this time.

Data Sharing and Recipients

We may share personal data with:

  • Service providers and processors that support our operations (e.g., hosting, analytics, email, security). They process data on our instructions under appropriate contractual safeguards.
  • Professional advisers (e.g., legal and accounting) under confidentiality duties.
  • Regulatory and public authorities when required by law or to protect rights, safety, and security.
  • Successors in interest in connection with a reorganisation, merger, or transfer of assets, subject to continued protection of personal data.

International Transfers

Your personal data may be transferred to and processed in countries outside the UK (and the EEA) that may not provide the same level of data protection. Where such transfers occur, we implement appropriate safeguards, such as UK adequacy regulations, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and supplementary measures where necessary. You may contact us for more information about these safeguards.

Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy and to satisfy legal, accounting, or reporting obligations. Typical retention periods are:

  • Enquiries and correspondence: up to 24 months after the last interaction.
  • Server logs and security records: up to 12 months, unless needed longer for security or legal reasons.
  • Analytics data: up to 26 months or as configured by our analytics tools, when collected with consent.
  • Cookie consent records: up to 24 months (or the life of the relevant cookie).
  • Subscription data: until you unsubscribe or your consent is withdrawn, plus a short period to maintain suppression records.

We may retain anonymised or aggregated data that does not identify you.

Your Rights

Subject to conditions and exemptions under UK GDPR, you have the following rights:

  • Access: to obtain a copy of your personal data and information about how it is processed.
  • Rectification: to correct inaccurate or incomplete data.
  • Erasure: to request deletion of your personal data in certain circumstances.
  • Restriction: to limit processing under specified conditions.
  • Portability: to receive personal data you provided to us in a structured, commonly used, machine-readable format and to request transmission to another controller where technically feasible.
  • Objection: to processing based on our legitimate interests, and to direct marketing at any time.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO). We encourage you to contact us first so we can address your concerns.

How to Exercise Your Rights

To exercise your rights or make a privacy request, please contact us at [email protected] or write to: RxNorth, FAO: Data Protection, Tesco Superstore, Angel Drove, ELY, CB7 4DJ, United Kingdom.

We may need to verify your identity before fulfilling your request. We aim to respond within one month, extendable by two further months where necessary due to complexity or volume. We do not charge a fee unless requests are manifestly unfounded or excessive.

Security

We implement appropriate technical and organisational measures designed to protect personal data, including access controls, encryption in transit, secure configurations, monitoring, and staff awareness. No method of transmission or storage is completely secure; we regularly review and enhance our safeguards.

Children's Privacy

Our services are intended for a general audience and are not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to us, please contact us to request deletion.

Third-Party Sites and Content

The Website may reference third-party content or services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy information before providing personal data.

Automated Decision-Making

We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects about you.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date below and, where appropriate, notifying you through the Website or by other reasonable means. Your continued use of the Website after changes take effect constitutes acceptance of the updated policy.

Last updated: 14 October 2025

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact: RxNorth, owned by Kate Arthy, Tesco Superstore, Angel Drove, ELY, CB7 4DJ, United Kingdom. Email: [email protected].

Search Keywords
Categories
Archives
Menu

© 2025. All rights reserved.