Data Controller and Contact Information
This Privacy Policy explains how MedStore Online (the website located at medstore-online.su) processes personal data. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is Kestra Walker, trading as "MedStore Online".
Registered postal address: IKEA Warrington, 910 Europa Boulevard, Westbrook, WARRINGTON, WA5 7TY, United Kingdom.
Contact email: [email protected].
Scope
This Privacy Policy applies to personal data collected through our website and related services, including contact forms, inquiry emails, newsletter sign-ups (if available), and the use of interactive tools (e.g., pill identifier). Our content is for educational purposes only; please do not submit health or other sensitive information through our forms or email.
Lawful Bases for Processing
We process personal data under one or more of the following lawful bases under the UK GDPR:
- Consent: When you have clearly agreed to specific processing (e.g., non-essential cookies, newsletters).
- Legitimate Interests: To operate, secure, and improve our website, provided your rights and freedoms do not override those interests.
- Legal Obligation: Where processing is necessary to comply with UK law or regulatory requirements.
- Contract: Where processing is necessary to respond to your requests preparatory to a contract or to perform a contract with you (if applicable).
- Vital Interests: In rare circumstances, where processing is necessary to protect someone’s life.
Categories of Personal Data We Collect
Data You Provide to Us
- Contact details (e.g., name, email address) when you correspond with us.
- Content of your communications (e.g., inquiries, feedback).
- Preferences (e.g., cookie consent choices, newsletter preferences).
Data Collected Automatically
- Technical and usage data (e.g., IP address, device identifiers, browser type/version, pages visited, time/date, referring URLs, approximate location derived from IP, and interaction data) collected via server logs and cookies or similar technologies.
Data from Third Parties
- Aggregated analytics or anti-abuse signals from service providers (e.g., to detect bots or malicious activity).
Special Category Data
We do not seek to collect special categories of personal data (such as health data). Please do not include medical or other sensitive information in website forms or emails. If such information is inadvertently received, we will handle it securely and delete or minimize it where feasible.
Purposes of Processing
- Operating and maintaining the website, including troubleshooting, security, and performance monitoring.
- Responding to inquiries and providing user support.
- Improving content, features, and user experience through analytics and feedback.
- Managing preferences and consent (e.g., cookie choices, communication preferences).
- Complying with legal obligations and enforcing our terms.
Cookies and Similar Technologies
We use cookies and similar technologies subject to the Privacy and Electronic Communications Regulations (PECR) and the UK GDPR. Where required, we obtain your consent before setting non-essential cookies.
Types of Cookies We May Use
- Strictly Necessary Cookies: Essential for website operation, security, and user-requested functionality. These do not require consent.
- Performance and Analytics Cookies: Help us understand how the website is used to improve content and features. These are used with your consent.
- Functionality Cookies: Remember your choices (e.g., cookie preferences). May require consent depending on use.
- Advertising/Targeting Cookies: We do not currently use targeted advertising cookies. If this changes, we will update this Policy and obtain consent where required.
Managing Cookies
You can manage non-essential cookies via our on-site cookie controls (where available) and through your browser settings by blocking or deleting cookies. Blocking certain cookies may affect site functionality.
Analytics
We may use analytics to measure and improve site performance and content effectiveness. Where feasible, we apply data minimization measures (e.g., IP truncation, aggregated reporting) and rely on consent for non-essential analytics cookies.
Direct Marketing and Communications
We will send marketing communications (such as newsletters) only with your consent or as otherwise permitted by law. You can withdraw consent or opt out at any time by using the unsubscribe instructions included in our communications or by contacting us at [email protected].
Children's Privacy
Our services are not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
Data Retention
We retain personal data only for as long as necessary for the purposes set out in this Policy and as required by law. Typical retention periods include:
- Server logs and security records: up to 12 months, unless extended for security or legal reasons.
- Contact inquiries and correspondence: up to 24 months after last interaction, unless a longer period is required for legal or operational reasons.
- Cookie data: for the duration stated in the cookie settings and within legal limits.
- Marketing preferences: until you withdraw consent or we determine the data is no longer needed.
Data Sharing and International Transfers
We may share personal data with trusted third parties under appropriate contractual safeguards, including:
- Hosting, infrastructure, and security providers.
- Analytics and measurement service providers (for consented analytics).
- Professional advisors (legal, accounting) and compliance partners.
- Authorities or regulators when required by law or to protect rights and safety.
Some recipients may be located outside the UK. Where personal data is transferred internationally, we rely on appropriate safeguards such as adequacy regulations, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses, along with supplementary measures where necessary.
Security Measures
We implement technical and organizational measures appropriate to the risk, including:
- Encryption in transit, access controls, and least-privilege access management.
- Network and application security monitoring, logging, and backup practices.
- Vendor due diligence and data processing agreements with service providers.
- Staff awareness of data protection principles (where applicable).
No method of transmission or storage is completely secure; we continually assess and improve our safeguards.
Your Data Protection Rights
Subject to conditions and exemptions under the UK GDPR, you have the following rights:
- Right of access to your personal data and to obtain a copy.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (right to be forgotten).
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing based on legitimate interests, and to object to direct marketing at any time.
- Right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
To exercise your rights, please contact us at [email protected] or by post to the address above. We may request information to verify your identity before fulfilling your request. We will respond without undue delay and within statutory timelines.
Complaints
If you have concerns about our data practices, please contact us first so we can try to resolve them. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
Automated Decision-Making and Profiling
We do not use personal data for automated decision-making that produces legal or similarly significant effects. Any analytics-based profiling is limited to aggregated or pseudonymized insights to improve site performance and content.
Third-Party Sites
Our website may reference third-party resources or services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy notices before providing personal data.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the "Last updated" date below. Your continued use of the website after changes take effect constitutes acceptance of the updated Policy.
Last updated: 14 October 2025