GDPR Notice

Controller and Contact Details

The data controller for CheapoDrugs Info is Nicola Foley.

Postal address: 20-22 Wenlock Road, LONDON, N1 7GU, United Kingdom.

Email: [email protected]

For all requests concerning personal data, including the exercise of your rights under the UK GDPR and the Data Protection Act 2018, please contact us using the details above.

Scope and Role

This notice explains how CheapoDrugs Info processes personal data collected via our website and related communications. We act as a data controller for such processing.

CheapoDrugs Info is an informational resource on pharmaceuticals, diseases, and medications. We do not sell medicines or operate an online pharmacy. This notice does not cover the privacy practices of third-party websites or services that may be referenced from our content.

Categories of Personal Data Processed

Data You Provide

- Contact details (such as name, email address) when you correspond with us.

- The content of your communications and any files you submit.

- Preferences, consents, and records of your requests.

Data Collected Automatically

- Technical and usage data such as IP address, device and browser type, operating system, pages visited, time and date, referrer URL, and cookie identifiers.

- This information is collected through server logs, essential cookies, and, where you consent, analytics technologies.

Special Category Data

We do not seek to collect health or other special category data. Please avoid sharing sensitive information in free-text fields. If you choose to disclose such information, we will process it only where strictly necessary and based on your explicit consent or another applicable legal condition, and we will minimize and secure it appropriately.

Purposes and Lawful Bases of Processing

• Operating, maintaining, and securing our website, including fraud prevention and diagnostics — lawful basis: legitimate interests (to provide a reliable and secure service).
• Responding to enquiries and providing user support — lawful basis: legitimate interests (to respond to requests and maintain user relationships).
• Measuring and improving site performance and content quality — lawful basis: legitimate interests; for optional analytics cookies and similar technologies — consent.
• Managing consent preferences and complying with legal obligations related to privacy, data protection, and electronic communications — lawful basis: legal obligation and legitimate interests.
• Establishing, exercising, or defending legal claims and handling compliance matters — lawful basis: legitimate interests and/or legal obligation.
• Processing any special category data you voluntarily provide — lawful basis: explicit consent (where applicable and necessary).

Cookies and Similar Technologies

We use essential cookies that are necessary for the website to function (for example, to enable basic security and access controls). With your consent, we may use optional analytics technologies to understand aggregate usage and improve our services.

You can withdraw or modify your consent at any time. You can also control cookies via your browser settings. Disabling certain cookies may affect website functionality.

Recipients and Disclosure

We may share personal data with trusted service providers acting as processors, such as website hosting, IT support, security, and (where consented) analytics providers. We may also share data with professional advisers (legal or accounting) and with authorities where required by law or to protect rights, safety, and security.

All processors are engaged under written contracts that require appropriate confidentiality, security, and data protection commitments in accordance with the UK GDPR.

International Transfers

Where personal data is transferred outside the UK (and, where relevant, the EEA), we ensure appropriate safeguards are in place, such as UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or Standard Contractual Clauses with the UK Addendum. Copies or summaries of relevant safeguards are available on request.

Retention Periods

• Server and security logs: retained for up to 12 months, unless extended for incident investigation.
• General enquiries and correspondence: retained for up to 36 months from the date of our last interaction, unless a longer period is required for legal or regulatory purposes.
• Consent records and preference logs: retained for up to 6 years from the last action evidencing consent or withdrawal.
• Cookies: retained according to their specific lifespan (e.g., essential session cookies expire when you close your browser; optional analytics cookies, where used with consent, may persist for up to 13 months).

We will retain data longer where necessary to comply with legal obligations or to establish, exercise, or defend legal claims. When retention ends, data is securely deleted or anonymised.

Your Rights Under the UK GDPR

• Right of access: to obtain confirmation and a copy of your personal data.
• Right to rectification: to correct inaccurate or incomplete data.
• Right to erasure: to request deletion in certain circumstances.
• Right to restriction: to limit processing in certain cases.
• Right to data portability: to receive data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible and applicable.
• Right to object: to processing based on legitimate interests, including profiling, and to direct marketing (if ever conducted).
• Right to withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing.
• Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your rights, please contact us at [email protected] or by post to the address listed above. We may need to verify your identity before fulfilling your request.

We will respond without undue delay and in any event within one month of receipt. Where requests are complex or numerous, we may extend the response period by up to two further months and will inform you of any extension. Requests are handled free of charge unless manifestly unfounded or excessive.

Security of Processing

We implement appropriate technical and organisational measures designed to protect personal data, including access controls, data minimisation, encryption in transit, secure configurations, and retention controls. While we strive to safeguard data, no method of transmission or storage is entirely secure.

Children’s Privacy

Our content is intended for a general audience and is not directed at children. We do not knowingly collect personal data from children under 13 years of age. If you believe a child has provided personal data to us, please contact us so that we can take appropriate steps.

Automated Decision-Making and Profiling

We do not carry out decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

Third-Party Links

Our website may reference third-party resources. We are not responsible for the privacy practices or content of third-party sites or services. We encourage you to review their privacy information before providing personal data.

Complaints to the Supervisory Authority

If you are dissatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). We encourage you to contact us first so we can attempt to resolve your concerns.

Data Protection Governance

We continually review our data protection practices and maintain records of processing activities appropriate to our size and risk profile. We have not appointed a Data Protection Officer; enquiries should be directed to the controller using the contact details above.

Changes to This Notice

We may update this notice from time to time to reflect changes in our processing or legal requirements. Material changes will be indicated on this page with an updated effective date.

Effective date: 14 October 2025