Privacy Policy
Scope and Who We Are
This Privacy Policy explains how BMPHARMACY.COM (the “Website”), accessible at bmpharmacy.su, collects and processes personal data of visitors and users in the United Kingdom. It applies to all interactions with our online resources, including browsing, contacting us, subscribing to communications, and using any features we make available.
Data Controller: John Stromberg, trading as BMPHARMACY.COM.
Correspondence address: 300 Roger Barta Way, Smith Center, KS 66967, United States.
Contact email: [email protected].
We operate in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
Definitions
“Personal data” means any information that identifies or can be used to identify an individual. “Processing” means any operation performed on personal data (such as collection, storage, use, disclosure, or deletion). “Controller” means the entity that determines the purposes and means of processing personal data.
Personal Data We Collect
Information you provide to us
- Contact information: name, email address, and any other details you include when you contact us or subscribe to updates.
- Account details (if accounts are offered): username, password, preferences, and settings.
- Communications: content of messages, enquiries, feedback, and support requests.
- Marketing preferences and consent records.
Information collected automatically
- Technical and usage data: IP address, device identifiers, browser type and version, operating system, language settings, time zone, pages viewed, referring/exit pages, and timestamps.
- Interaction data: page response times, download errors, length of visits to pages, and scrolling/clicks to understand how the Website is used.
- Cookies and similar technologies: identifiers and related data used for essential functionality, analytics, and preferences (see “Cookies and Similar Technologies”).
Information from third parties
- Service providers and analytics partners may provide aggregated or pseudonymised insights about Website usage.
- Publicly available sources (for example, where you publicly post information that references our Website).
Purposes and Lawful Bases for Processing
- Operating and securing the Website, delivering content, and enabling features. Lawful basis: legitimate interests (to run an informative and secure site) and, where applicable, performance of a contract (providing requested services).
- Responding to enquiries, providing user support, and communicating with you about your requests. Lawful basis: legitimate interests and/or performance of a contract.
- Sending service and administrative messages (such as policy updates or operational notices). Lawful basis: legitimate interests and/or legal obligation.
- Providing marketing communications where you have opted in or where otherwise permitted by law. Lawful basis: consent; you may withdraw consent at any time.
- Conducting analytics to improve content quality, usability, and performance. Lawful basis: legitimate interests; where analytics require non-essential cookies or similar technologies, we rely on your consent under PECR/UK GDPR.
- Ensuring security, preventing fraud and misuse, and diagnosing issues. Lawful basis: legitimate interests and, where relevant, legal obligation.
- Complying with legal and regulatory obligations and responding to lawful requests. Lawful basis: legal obligation.
Special Category Data
We do not seek to collect special category data (such as health information) through the Website. Please do not include sensitive personal data in free-text fields. If you choose to provide such information, we will process it only where strictly necessary and with your explicit consent or under another applicable UK GDPR condition. The Website provides general pharmaceutical and healthcare information and is not a substitute for professional medical advice.
Children’s Privacy
Our services are not directed to children under 13 years of age, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can delete it.
Cookies and Similar Technologies
We use cookies and similar technologies to make the Website work, remember your preferences, and understand how our content is used.
Categories
- Strictly necessary cookies: required for core functionality and security. These do not require consent.
- Functional cookies: remember choices to enhance your experience. Require consent where not strictly necessary.
- Analytics cookies: help us understand usage to improve the Website. Require consent.
- Advertising cookies (if used): measure or personalise advertising. Require consent.
Your choices
Where required by law, we request your consent before setting non-essential cookies. You can withdraw or modify your cookie preferences at any time via the cookie controls we provide or by adjusting your browser settings to block or delete cookies. If you disable certain cookies, some features may not function properly.
Retention of Personal Data
We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law. Typical retention periods are:
- Enquiries and support communications: up to 24 months from last interaction.
- Account data (if applicable): for the life of the account and up to 24 months after closure or last activity, unless a longer period is required by law.
- Analytics data: typically up to 26 months, or a shorter/longer period consistent with our analytics configuration.
- Consent records and compliance logs: up to 6 years from the date of record, or as required to evidence compliance.
- Security logs: typically up to 12 months, unless extended for investigations.
We may retain anonymised or aggregated data that does not identify you for longer periods.
Sharing and Disclosure
- Service providers (processors): hosting, security, analytics, email delivery, and customer support providers that process data on our instructions and are bound by contractual obligations to protect personal data.
- Legal and regulatory: where required to comply with laws, enforce our terms, or protect rights, safety, and security.
- Business transfers: in connection with a reorganisation, merger, or transfer of assets, subject to appropriate protections.
- Professional advisers: auditors, lawyers, and consultants under confidentiality obligations.
We do not sell your personal data.
International Data Transfers
We may transfer personal data to countries outside the United Kingdom, including the United States, where our service providers or systems are located. Where we do so, we rely on appropriate safeguards under the UK GDPR, such as adequacy regulations or approved transfer mechanisms (including the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses). You may contact us to obtain further information or a copy of the relevant safeguards.
Security
We implement appropriate technical and organisational measures designed to protect personal data, including encryption in transit, access controls, least-privilege principles, regular review of processor safeguards, and staff confidentiality measures. No system is completely secure, and we cannot guarantee absolute security. If we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you and relevant authorities as required by law.
Your Rights Under UK Data Protection Law
- Right of access: to obtain confirmation and a copy of your personal data.
- Right to rectification: to have inaccurate or incomplete data corrected.
- Right to erasure: to request deletion of your personal data in certain circumstances.
- Right to restriction: to request restriction of processing in certain circumstances.
- Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller where feasible.
- Right to object: to processing based on our legitimate interests, including profiling on that basis, and to direct marketing at any time.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
- Rights related to automated decision-making: you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your rights have been infringed. We encourage you to contact us first so we can address your concerns.
Exercising Your Rights and Contact
To exercise your rights or raise privacy questions, please contact us at [email protected] or by post at the correspondence address above. We may need to verify your identity before responding. We aim to respond within one month of receiving your request, extendable by two further months for complex requests as permitted by law. We do not charge a fee unless a request is manifestly unfounded or excessive.
Marketing Communications
Where you have provided consent, we may send you information about content updates or services. You can withdraw consent or opt out at any time by following the instructions in our messages or contacting us at [email protected]. Even if you opt out of marketing, we may still send non-marketing service messages.
Links to Third Parties
The Website may contain references to third-party resources. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy information when you interact with them.
Automated Decision-Making and Profiling
We do not engage in automated decision-making that produces legal or similarly significant effects. We may use limited profiling for analytics or to tailor content presentation, which does not have such effects.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated by updating the date and, where appropriate, providing additional notice on the Website.
Last updated: 20 August 2025.
I'm John Stromberg, a pharmacist passionate about the latest developments in pharmaceuticals. I'm always looking for opportunities to stay up to date with the latest research and technologies in the field. I'm excited to be a part of a growing industry that plays an important role in healthcare. In my free time, I enjoy writing about medication, diseases, and supplements to share my knowledge and insights with others.