Data Protection

September 4, 2023 posted by Arabella Simmons

Data Controller and Contact Information

This notice describes how MedSelected.com: Pharmaceuticals Guide ("MedSelected.com," "we," "us," or "our") processes personal data. The data controller is the site owner, Ms. Arabella Simmons, 5500 Buckeystown Pike, Frederick, MD 21703, United States.

Contact: [email protected]

We have not appointed a formal Data Protection Officer; questions or requests regarding this notice should be directed to the contact above.

Scope and Applicability

This notice is intended to satisfy the transparency requirements of the EU/EEA and UK General Data Protection Regulation (GDPR/UK GDPR) and, where applicable, United States privacy laws, including but not limited to the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA) and similar state laws. It applies to personal data we process through MedSelected.com and related communications.

Categories of Personal Data We Process

Data You Provide

  • Contact details (e.g., name, email address) when you submit inquiries, subscribe to updates, or engage with us.
  • User-generated content (e.g., comments, feedback, survey responses).
  • Preferences (e.g., communication and cookie preferences).
  • Any health or condition information you voluntarily include in inquiries. We are not a covered entity under HIPAA, and you should avoid sharing sensitive health information unless necessary for your request.

Data Collected Automatically

  • Device and usage data (e.g., IP address, device identifiers, browser type, operating system, referring/exit pages, timestamps).
  • Online activity data (e.g., pages viewed, clicks, scrolls, time on page).
  • Cookie and similar technology data for functionality, analytics, and, if applicable, advertising.

Data from Third Parties

  • Service providers and partners may supply aggregated or analytics data.
  • If you arrive via a referral or campaign, we may receive related attribution information.

Purposes and Legal Bases for Processing (GDPR)

  • Provide and operate the site: to deliver content, features, and customer support. Legal bases: performance of a contract (where applicable), legitimate interests (to operate our services).
  • Analytics and service improvement: to understand usage, improve content quality, and maintain performance. Legal basis: legitimate interests; where required, consent.
  • Communications: to respond to inquiries, send administrative notices, and, with your consent, provide newsletters or promotional updates. Legal bases: legitimate interests; consent for marketing.
  • Security and fraud prevention: to protect our site, users, and systems. Legal basis: legitimate interests; legal obligation where applicable.
  • Legal compliance and enforcement: to comply with laws, respond to lawful requests, or defend legal claims. Legal basis: legal obligation; legitimate interests.
  • Consent management: to honor your privacy choices, including cookie preferences. Legal basis: legal obligation; consent.

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies to enable site functionality, measure audience engagement, and, if implemented, provide personalized content. You can manage cookies via your browser settings and, where available, site-level preference tools. Disabling certain cookies may affect site functionality.

Disclosures of Personal Data

We disclose personal data to the following categories of recipients for the purposes described above:

  • Service providers and processors (e.g., hosting, security, analytics, communications) acting on our instructions.
  • Professional advisors (e.g., legal, accounting) under confidentiality obligations.
  • Authorities, courts, or parties in litigation when required by law or to protect rights, safety, or property.
  • Business transfers: in connection with a merger, acquisition, or other corporate transaction, subject to appropriate safeguards.

We do not disclose personal data in exchange for money. If we engage in activities that constitute a "sale" or "sharing" under certain U.S. state laws (e.g., for cross-context behavioral advertising), we will honor applicable opt-out rights as described below.

International Data Transfers

We are based in the United States and may process personal data in the U.S. and other countries that may have different data protection laws than your country of residence. Where GDPR applies to the transfer of your personal data from the EEA/UK to countries not deemed to provide an adequate level of protection, we rely on appropriate safeguards such as Standard Contractual Clauses, supplemented as necessary, or another lawful transfer mechanism.

Retention of Personal Data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or reporting obligations, resolve disputes, and enforce agreements. Criteria used to determine retention periods include the nature and sensitivity of the data, potential risk of harm from unauthorized use or disclosure, the purposes of processing, and applicable legal requirements.

Security of Processing

We implement technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least privilege practices, and monitoring. No security measure is absolute; we cannot guarantee complete security.

Your Rights under GDPR

Subject to conditions and exceptions under GDPR/UK GDPR, you may have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase personal data (right to be forgotten).
  • Restrict processing.
  • Data portability.
  • Object to processing based on legitimate interests and to direct marketing, including profiling related to such marketing.
  • Withdraw consent at any time where processing is based on consent.

You also have the right to lodge a complaint with a supervisory authority in your habitual residence, place of work, or where an alleged infringement occurred.

Additional U.S. State Privacy Disclosures

For residents of states with applicable privacy laws (including California, Virginia, Colorado, Connecticut, and Utah), the following disclosures apply:

Rights to Know/Access, Correct, and Delete

You may request to know the categories and specific pieces of personal information we have collected, the sources, purposes, and categories of recipients; to correct inaccuracies; and to delete personal information, subject to exceptions.

Right to Opt-Out of Sales/Sharing and Targeted Advertising

We do not sell personal information for money. If our use of cookies or analytics/advertising technologies constitutes a "sale," "sharing," or "targeted advertising" under state law, you may opt out by adjusting browser or device settings to block tracking technologies and by contacting us at [email protected] with your request. We will honor authorized agent requests consistent with state law.

Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes that require a right to limit such use under California law.

Non-Discrimination

We will not discriminate against you for exercising privacy rights granted by applicable law.

Children's Privacy

MedSelected.com is intended for a general audience and is not directed to children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to us, contact us so we can take appropriate action.

Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects concerning individuals.

Exercising Your Rights and Verification

To exercise your rights, contact us at [email protected] or by mail at: MedSelected.com: Pharmaceuticals Guide, Attn: Privacy, 5500 Buckeystown Pike, Frederick, MD 21703, United States.

We may need to verify your identity to process requests, which may require reasonable information matching what we maintain about you. If you use an authorized agent (where permitted by law), we may require proof of authorization and your verification. We aim to respond within one month under GDPR and within 45 days under applicable U.S. state laws, subject to permissible extensions.

Do Not Track

Our site does not currently respond to browser Do Not Track signals. You can manage cookie preferences via your browser settings and, where available, site-level tools.

Updates to This Notice

We may update this notice to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the "Effective Date" below and, where appropriate, by additional notice.

Effective Date

Effective Date: 2025-08-21

Your comment