RxMeds ("we", "our", "us") operates rxmeds.store (the "Site"). This Privacy Policy explains what personal data we collect when you visit our website or place an order, how we use it, and the rights you have over it.
We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and applicable European data protection law. By using our Site, you agree to the practices described in this policy.
🔒 Short version: We collect only what we need to process your orders and improve your experience. We never sell your data. You can request deletion at any time.
1. Information We Collect
We collect personal data in the following ways:
1.1 Information You Provide Directly
- Account registration: Name, email address, and password when you create an account.
- Order placement: Full name, billing address, shipping address, phone number, and email address.
- Contact forms: Name, email, subject, order number, and any message content you submit.
- Prescription uploads: Your name, email, order reference, and the prescription image file you upload.
- Payment information: We do not store or process card numbers directly. All card payments are handled by PCI-DSS compliant third-party processors. We may receive a transaction reference and partial card details (last 4 digits) for order records.
1.2 Information Collected Automatically
- Log data: IP address, browser type and version, operating system, referring URLs, and pages visited.
- Device data: Device type, screen resolution, and language settings.
- Usage data: Time spent on pages, clicks, and navigation paths — collected via cookies and analytics tools.
- Cookies: See Section 5 for full details on cookies we use.
1.3 Information from Third Parties
- Payment processors: We receive confirmation of payment and transaction IDs from PayPal, Stripe, and cryptocurrency processors.
- Shipping partners: Tracking numbers and delivery status updates from our logistics partners.
2. How We Use Your Information
We use your personal data solely for the following purposes:
- Order fulfilment: Processing payments, packing, and dispatching your order.
- Customer communication: Sending order confirmations, shipping notifications, and responding to your enquiries.
- Account management: Creating and maintaining your customer account.
- Prescription processing: Reviewing uploaded prescriptions to verify eligibility for certain products.
- Legal compliance: Maintaining records for tax, accounting, and regulatory obligations.
- Fraud prevention: Detecting and preventing fraudulent transactions and protecting the security of our platform.
- Site improvement: Analysing how visitors use our site to improve performance, content, and user experience.
We do not use your data for automated profiling or decision-making that produces legal effects. We do not send marketing emails unless you have explicitly opted in.
3. Legal Basis for Processing (GDPR)
Under the GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:
- Contract performance (Art. 6(1)(b)): Processing necessary to fulfil your order and deliver our services.
- Legal obligation (Art. 6(1)(c)): Processing required to comply with tax, financial, and regulatory laws.
- Legitimate interests (Art. 6(1)(f)): Fraud prevention, site security, and improving our services — where our interests do not override your fundamental rights.
- Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for non-essential cookies or marketing communications.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We share your data only with the following categories of trusted third parties, strictly to deliver our services:
- Payment processors: PayPal, Stripe, cryptocurrency payment gateways — to process transactions securely.
- Shipping and logistics partners: To fulfil and track your delivery.
- Email service providers: To send transactional emails (order confirmations, shipping updates).
- Analytics providers: Google Analytics (anonymised data) to understand site usage.
- Hosting and infrastructure: Our web hosting provider stores site data on secure servers.
All third-party providers are contractually required to handle your data in accordance with applicable privacy laws and our instructions. We do not permit them to use your data for their own marketing purposes.
We may disclose your data to law enforcement or regulatory authorities if required by law or to protect the rights, property, or safety of RxMeds, our customers, or others.
5. Cookies and Tracking Technologies
Our website uses cookies — small text files stored on your device — to improve functionality and understand how visitors use our site.
Types of cookies we use:
- Essential cookies: Required for the site to function (e.g. shopping cart, login session). Cannot be disabled.
- Analytics cookies: Google Analytics tracks anonymised usage data (pages visited, session duration). You may opt out via your browser settings or the Google Analytics Opt-out Add-on.
- Preference cookies: Remember your settings and preferences across visits.
You can control or disable non-essential cookies in your browser settings at any time. Disabling cookies may affect certain features of the site. For more information, visit aboutcookies.org.
6. Data Security
We implement industry-standard technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction:
- SSL/TLS encryption: All data transmitted between your browser and our site is encrypted.
- Access controls: Personal data is accessible only to authorised personnel who need it to perform their duties.
- Secure hosting: Our servers are hosted in secure, access-controlled data centres.
- Password hashing: Account passwords are stored using strong one-way cryptographic hashing.
- Regular security reviews: We periodically review and update our security practices.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by GDPR Article 33–34.
7. Data Retention
We retain your personal data only for as long as necessary for the purposes outlined in this policy:
- Order records: Retained for 7 years to comply with tax and accounting obligations.
- Account data: Retained for the duration of your account, plus 2 years after account closure.
- Prescription uploads: Retained for 12 months following your order, then securely deleted.
- Contact form submissions: Retained for 12 months, then deleted.
- Analytics data: Anonymised and aggregated — retained indefinitely.
When your data is no longer required, it is securely deleted or anonymised.
8. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Right to restrict processing (Art. 18): Request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at rxmeds4@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
🇪🇺 EU residents may lodge complaints with their national supervisory authority. A full list is available at edpb.europa.eu.
9. International Data Transfers
RxMeds is based in Europe. Some of our third-party service providers (such as Google Analytics) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to countries with an adequacy decision from the European Commission
10. Children's Privacy
Our website and services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately at rxmeds4@gmail.com and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically. Continued use of our site after changes constitutes acceptance of the updated policy.
12. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or how we handle your personal data, please contact us:
- Email: rxmeds4@gmail.com
- Contact form: rxmeds.store/contact
- Response time: Within 30 days for data subject requests, within 24 hours for general enquiries