Written By Nicola Foley Tagged As

Scope and Controller

This Privacy Policy explains how CheapoDrugs Info (cheapodrugs.su) collects, uses, discloses, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). This website provides informational content on pharmaceuticals, diseases, medications, and related topics. We do not sell medicines.

The data controller is: CheapoDrugs Info, owned by Nicola Foley, 20-22 Wenlock Road, London, N1 7GU, United Kingdom. Contact: [email protected].

We have not appointed a statutory Data Protection Officer. Questions about this Policy or your data can be directed to the controller using the contact details above.

Definitions

“Personal data” means any information relating to an identified or identifiable person. “Processing” means any operation performed on personal data (e.g., collection, storage, use, disclosure). “Controller” means the person or entity that determines the purposes and means of processing.

Personal Data We Collect

Data you provide to us

  • Contact information: name, email address, and any other details you include when you email us or submit feedback.
  • Content of communications: the information you include in your messages, including questions about conditions, medications, or feedback about our content. Please avoid sharing unnecessary sensitive information.
  • Consent preferences: records of your cookie choices and any other consent you provide.

Data we collect automatically

  • Technical data: IP address, device identifiers, browser type and version, operating system, language settings, referring URLs.
  • Usage data: pages viewed, time spent, navigation paths, interaction data (e.g., clicks), timestamps, and error logs.
  • Cookies and similar technologies: small files and tags used for essential site functions, analytics, and your preferences. See “Cookies and Similar Technologies.”

Data from third parties

  • Service providers: aggregated or pseudonymised analytics from our analytics providers.
  • Security partners: information used to protect against fraud, abuse, or attacks (e.g., threat intelligence, blacklists).

Purposes of Processing and Legal Bases

  • Provide and operate the website: to deliver pages, maintain availability, and ensure core functionality. Legal basis: legitimate interests (running an informational website); necessary for performance of a service you request.
  • Respond to enquiries: to handle emails and requests you send. Legal basis: legitimate interests (responding to messages and improving our content); consent where you provide special category data.
  • Analytics and performance: to understand usage, improve content quality, and fix issues. Legal basis: consent for non-essential cookies/analytics under PECR; legitimate interests for aggregated insights where permitted and strictly necessary diagnostics.
  • Security and prevention of abuse: to detect, prevent, and investigate malicious activity or violations of law. Legal basis: legitimate interests (ensuring the security and integrity of our services); legal obligation where applicable.
  • Compliance and record-keeping: to comply with legal obligations and maintain records of consents and requests. Legal basis: legal obligation; legitimate interests (demonstrating compliance).

Where we rely on legitimate interests, we balance our interests with your rights and freedoms and apply appropriate safeguards. You may object to processing based on legitimate interests (see “Your Rights”).

Cookies and Similar Technologies

We use cookies, pixels, and similar technologies to operate the site, remember your preferences, and, where you agree, to measure and improve the performance of our content. Under PECR, we will only set non-essential cookies (e.g., analytics) with your consent.

Types of cookies

  • Strictly necessary: required for core functionality (e.g., load balancing, security). These do not require consent.
  • Functional: remember choices such as cookie preferences.
  • Analytics: help us understand how visitors use our site to improve content and usability.

Managing your cookies

  • You can manage non-essential cookies via any consent banner or settings we provide.
  • You can also control cookies through your browser settings, including blocking or deleting cookies. Blocking some cookies may affect site functionality.

Special Category Data (Health Information)

Our site is informational and does not require you to provide health data. If you choose to include health information or other special category data in communications, we will process it only with your explicit consent, to respond to your enquiry, and we will minimise and delete such data where feasible. Please avoid sending sensitive information unless strictly necessary.

Children’s Privacy

Our content is intended for a general audience and is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, please contact us so we can delete it.

Sharing and Disclosure of Personal Data

  • Service providers: hosting, security, analytics, and communications providers that process data on our behalf under contracts that require confidentiality and appropriate safeguards.
  • Legal and compliance: law enforcement, regulators, or courts when required by law or to protect our rights, users, or the public.
  • Business transfers: if we undergo a reorganisation, we will ensure any successor continues to protect your data in line with this Policy.

We do not sell or rent your personal data.

International Data Transfers

Your personal data may be transferred to and processed outside the UK. Where we transfer data internationally, we implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and conduct transfer risk assessments as required. You may request information about these safeguards by contacting us.

Data Retention

  • Contact enquiries: retained for up to 24 months from our last interaction, unless a longer period is required by law or to resolve a dispute.
  • Server logs and security records: retained for up to 12 months, unless needed longer for security investigations.
  • Analytics data: retained for up to 26 months in aggregated or pseudonymised form.
  • Consent records and suppression lists: retained as long as necessary to demonstrate compliance and to honour opt-out requests.

We will delete or anonymise data when it is no longer needed for the purposes described in this Policy.

Data Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, least-privilege practices, secure configurations, vulnerability management, and staff confidentiality obligations. Despite our safeguards, no method of transmission or storage is completely secure; we cannot guarantee absolute security.

Your Rights Under UK Data Protection Law

  • Right to be informed about how your data is used.
  • Right of access to your personal data and to obtain a copy.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure (right to be forgotten) in certain circumstances.
  • Right to restriction of processing in certain circumstances.
  • Right to data portability for data you provided, where processing is based on consent or contract and carried out by automated means.
  • Right to object to processing based on legitimate interests and to direct marketing (we do not conduct direct marketing).
  • Right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Rights related to automated decision-making, including profiling; we do not carry out automated decisions producing legal or similarly significant effects.

Exercising Your Rights

To exercise your rights, contact us at [email protected]. We may request information to verify your identity and will respond within one month of receipt of a valid request, or notify you if more time is needed given complexity or volume. If we decline a request where permitted by law, we will provide the reason.

Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

Third-Party Websites

Our content may reference third-party websites or resources. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy notices before providing personal data.

Complaints

If you have concerns about how we process your personal data, please contact us first so we can address them. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will post the updated version on this page and change the “Effective date” below. If changes are material, we will take appropriate steps to notify you.

Contact

Controller: CheapoDrugs Info (Owner: Nicola Foley)

Address: 20-22 Wenlock Road, London, N1 7GU, United Kingdom

Email: [email protected]

Effective Date

Effective date: 14 October 2025

Write a comment

Your email address will not be published. Required fields are marked *