Scope and Who We Are
This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit or use the website operating under the trade name “247-drugstore.com Pharmacy” and accessible at 247-drugstore.su (the Website). It applies to all users located in the United Kingdom and is intended to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
Controller
The data controller responsible for your personal data is: Landon Sterling, 614 S Main St, Smith Center, KS 66967, United States.
Contact
For any privacy-related queries, including requests to exercise your rights, please contact: [email protected].
UK Representative
If required under UK GDPR Article 27, we will designate a United Kingdom representative and update this policy with their contact details. In the meantime, please direct all enquiries to the controller contact provided above.
Personal Data We Collect
Data You Provide to Us
- Identity and contact data: name, email address, postal address, phone number.
- Account data: username, password, preferences, communication settings.
- Order and service data: items viewed or requested, purchase history, delivery information, communications about orders.
- Health-related information (special category data): conditions, symptoms, medication interests, allergies, and information you choose to provide in enquiries or forms relating to pharmaceutical products or wellness. We collect this only where you choose to provide it and where a lawful basis applies (see “Processing of Special Category Data”).
- Communications: content of messages sent via forms, email, or customer support channels.
- Payment and billing data: partial payment details and transaction metadata. Full card data is typically processed by our payment service provider and not stored by us.
Data Collected Automatically
- Technical data: IP address, device identifiers, browser type, operating system, time zone, and approximate location.
- Usage data: pages visited, time on page, referring/exit pages, clicks, and interactions.
- Cookies and similar technologies: identifiers and preferences as described in “Cookies and Similar Technologies.”
Data from Third Parties
- Service providers: payment processors, analytics, fraud prevention, and security partners may provide information related to transactions, usage, or risk.
- Public and commercially available sources: to verify identity or prevent fraud where lawful.
Processing of Special Category Data (Health Information)
Types of Special Category Data
Where you choose to provide it, we may process information relating to your health, such as medical conditions, medications, allergies, or other wellness information submitted through forms or communications.
Lawful Bases for Special Category Processing
- Explicit consent (UK GDPR Art. 9(2)(a)): for processing you clearly agree to, for example when you submit health-related information via forms for advice or product suitability.
- Vital interests (Art. 9(2)(c)): in rare circumstances to protect life or physical safety where you are incapable of giving consent.
- Legal claims (Art. 9(2)(f)): where necessary for the establishment, exercise, or defence of legal claims.
Where we rely on consent, you may withdraw it at any time by contacting us. Withdrawal does not affect prior lawful processing.
Purposes and Lawful Bases for Processing Personal Data
- Operating the Website and providing services: to enable browsing, account management, and core site functionality. Lawful basis: performance of a contract or legitimate interests.
- Order handling and customer support: processing orders, enquiries, returns, and service communications. Lawful basis: performance of a contract; legitimate interests.
- Providing information on medication, diseases, and supplements: delivering requested content and resources. Lawful basis: legitimate interests; consent where content involves special category data.
- Personalisation and preferences: remembering settings and improving user experience. Lawful basis: consent for non-essential cookies; legitimate interests for essential functionality.
- Analytics and service improvement: understanding usage to improve content and security. Lawful basis: consent for non-essential cookies; legitimate interests for aggregated, low-privacy-impact analytics where permitted.
- Marketing communications: sending newsletters or offers. Lawful basis: consent; soft opt-in for existing customers as permitted by PECR.
- Security, fraud prevention, and diagnostics: detecting and preventing abuse or illegal activity. Lawful basis: legitimate interests; legal obligation where applicable.
- Legal compliance: complying with regulatory, tax, and law enforcement requirements. Lawful basis: legal obligation.
- Business administration: audits, reporting, and corporate transactions. Lawful basis: legitimate interests.
Cookies and Similar Technologies
We use cookies, pixels, and similar technologies to operate the Website, remember preferences, and, with your consent, to analyse usage and tailor content or marketing.
Types of Cookies
- Strictly necessary cookies: required for core functionality such as page navigation, session management, and security. These do not require consent.
- Functional cookies: remember choices and enhance features. Consent-based where not strictly necessary.
- Analytics cookies: help us understand site usage and improve performance. Consent-based.
- Advertising/targeting cookies: used to deliver relevant content or measure campaign performance. Consent-based.
Consent Management and Withdrawal
On your first visit and periodically thereafter, you may be presented with controls to accept or reject non-essential cookies. You can change your preferences at any time, either through your browser settings (by deleting or blocking cookies) or by adjusting settings in any cookie banner or preferences tool we provide. Blocking some cookies may affect site functionality.
Do Not Track
Some browsers offer a “Do Not Track” signal. As no uniform standard exists, we do not currently respond to these signals. You may manage cookies as described above.
Direct Marketing Communications
We may send you marketing messages about our content, products, or services if you have opted in, or under PECR’s soft opt-in for existing customers where we obtained your contact details in the context of a sale and you were given a clear opportunity to opt out.
Unsubscribe
You can opt out of marketing at any time by using the unsubscribe instructions in the message or by contacting [email protected]. We may still send service and transactional messages.
Profiling and Automated Decision-Making
We may use limited profiling (e.g., grouping users by interests or interactions) to tailor content or offers with your consent where required. We do not make decisions producing legal or similarly significant effects based solely on automated processing without your explicit consent or another lawful basis and appropriate safeguards.
Data Sharing and Recipients
- Service providers (processors): hosting, security, analytics, customer support, email delivery, payment processing, and fraud prevention. These parties act on our instructions and are subject to confidentiality and data protection obligations.
- Business partners: where you request integrations or combined services.
- Legal and regulatory authorities: where required by law or necessary to protect rights, safety, and security.
- Corporate transactions: in connection with a merger, acquisition, or asset sale, subject to continued protections.
We do not sell your personal data.
International Data Transfers
Your personal data may be transferred to and processed in countries outside the United Kingdom, including the United States, where the controller and certain service providers are located. Where such transfers occur, we implement appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and apply supplementary measures as needed to protect your data. You may request further information about these safeguards by contacting us.
Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting, or reporting obligations, and to resolve disputes. Typical retention periods include:
- Account data: retained while your account is active and for up to 6 years thereafter to address legal claims and record-keeping.
- Order and transaction data: up to 6 years for tax and accounting.
- Customer support communications: up to 3 years after resolution.
- Marketing preferences and consents: retained while active and for up to 3 years after your last interaction or until you withdraw consent.
- Cookies: retained according to their lifespan or until deleted via your browser or preferences tools.
Data Security
We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit, network security, and staff confidentiality obligations. No system is completely secure; we maintain incident response procedures to address potential breaches and will notify you and relevant authorities where required by law.
Your Rights Under UK GDPR
Subject to conditions and exemptions, you have the following rights:
- Access: to obtain confirmation and a copy of your personal data.
- Rectification: to correct inaccurate or incomplete data.
- Erasure: to request deletion where no longer necessary or where consent is withdrawn and no other basis applies.
- Restriction: to limit processing in certain circumstances.
- Portability: to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller where processing is based on consent or contract and carried out by automated means.
- Objection: to processing based on legitimate interests and to direct marketing, including profiling for marketing.
- Withdraw consent: where processing is based on your consent.
- Rights related to automated decision-making: to request human review and to contest decisions where legally applicable.
To exercise your rights, contact [email protected]. We may request verification of your identity. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). We would appreciate the opportunity to address your concerns before you approach the ICO.
Children’s Privacy
Our services are not directed to children under 13 years of age, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
Pharmacy and Health-Related Interactions
Where our services involve information about medicines, diseases, or wellness products, any health data you choose to provide will be processed in accordance with this policy and applicable law. We may request additional information to verify suitability or safety where you ask us to provide guidance. Do not submit health information that you are not comfortable sharing, and do not include third-party data without their authorisation.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or the law. Material changes will be highlighted on the Website or communicated by other appropriate means. Please review this page periodically.
Contact and Controller Details
Controller: Landon Sterling
Address: 614 S Main St, Smith Center, KS 66967, United States
Email: [email protected]
Effective Date
Effective as of: 20 August 2025