World Malayalee Pharma

GDPR Compliance

Maddie Shepherd Aug 27 0 Comments

Scope and Applicability

World Malayalee Pharma is an educational website operated in the United States that provides evidence-based medication guides, disease overviews, and supplement facts for the global Malayali community. This notice explains our practices under the European Union General Data Protection Regulation (GDPR) for individuals in the EEA/UK and outlines how those practices align with applicable U.S. federal and state privacy laws. The content on this site is for education only—always consult a licensed clinician for personal medical advice. We are not a covered entity or business associate under HIPAA, and we do not seek protected health information.

Identity of the Controller

Controller: World Malayalee Pharma, owned and operated by Maddie Shepherd.

Postal address: 75 Middlesex Turnpike, Burlington, MA 01803, United States of America.

Email: [email protected]

Categories of Personal Data We Process

  • Contact Information: name, email address, and any details you include when contacting us.
  • Account and Preference Data: credentials and settings if we offer account features.
  • Communications: the content of your messages, inquiries, and feedback.
  • Technical and Usage Data: IP address, device identifiers, browser type, pages viewed, timestamps, and referrer information collected through server logs and similar technologies.
  • Cookies and Similar Technologies: preference, functional, and analytics cookies as described below.
  • User-Provided Content: comments or submissions you voluntarily provide for publication or feedback.
  • Special Categories: we do not intentionally collect health or other special category data. If you voluntarily disclose such information, we will process it only with your explicit consent and solely for the purpose you provided it, and we will minimize and restrict access.

Purposes of Processing and Legal Bases

  • Operate and Secure the Website: to provide core functionality, troubleshoot, and prevent fraud or abuse. Legal bases: legitimate interests; legal obligation where applicable.
  • Respond to Inquiries and Provide Support: to answer questions you send us. Legal bases: legitimate interests; consent where required.
  • Account Management: to create and maintain user accounts (if offered). Legal bases: contract performance; legitimate interests.
  • Analytics and Service Improvement: to understand usage patterns and improve content quality and accessibility. Legal bases: consent where required; legitimate interests in the U.S. for aggregated, non-sensitive analytics.
  • Communications and Newsletters: to send educational updates or announcements. Legal basis: consent; you may withdraw at any time.
  • Compliance and Enforcement: to comply with applicable laws and enforce our terms. Legal bases: legal obligation; legitimate interests.

Cookies and Similar Technologies

We use cookies and similar technologies to operate the site, remember preferences, and measure audience engagement.

  • Strictly Necessary Cookies: required for core features (security, load balancing, session management).
  • Functional Cookies: remember your settings and preferences.
  • Analytics Cookies: help us understand how visitors use the site (e.g., pages visited, time on page) so we can improve content and usability.

Where required by law, we obtain your consent for non-essential cookies. You can manage cookies through your browser settings; disabling certain cookies may affect site functionality.

Data Sharing and International Transfers

We share personal data only as necessary for the purposes described above and with appropriate safeguards:

  • Service Providers/Processors: hosting, content delivery, security, analytics, email and communication tools, and professional services. They are contractually bound to use data only on our instructions and to implement appropriate security.
  • Legal and Compliance: to comply with lawful requests, protect rights, safety, and property, or respond to legal process.
  • Business Transitions: in case of merger, acquisition, or asset transfer, subject to confidentiality and continued protection of personal data.

Our primary data infrastructure is located in the United States. If we transfer personal data from the EEA/UK to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses and implement supplementary measures where needed.

Retention

We keep personal data only for as long as necessary to fulfill the purposes described in this notice or as required by law. Typical retention periods include:

  • Account and Communication Records: for the life of the account and up to 24 months thereafter, or 24 months from last interaction for non-account communications.
  • Analytics Data: typically 24 months in aggregated or pseudonymized form.
  • Legal and Compliance Records: as required by applicable law (often 3–7 years).

When retention is no longer necessary, we securely delete or anonymize data.

Security

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls and least-privilege practices, multi-factor authentication for administrative access, security logging and monitoring, regular backups, vendor due diligence, and an incident response process. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your Rights under GDPR

If you are in the EEA/UK, you have the following rights subject to applicable exceptions:

  • Access: obtain confirmation and a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your personal data.
  • Restriction: limit processing under certain circumstances.
  • Portability: receive data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Object: object to processing based on legitimate interests and to direct marketing.
  • Withdraw Consent: where processing is based on consent, withdraw at any time without affecting prior processing.
  • Automated Decisions: the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (we do not engage in such processing).

To exercise these rights, contact us at [email protected] or write to: World Malayalee Pharma, 75 Middlesex Turnpike, Burlington, MA 01803, USA. We will respond within one month, extendable by two months for complex requests. You also have the right to lodge a complaint with your local supervisory authority.

U.S. State Privacy Disclosures

California (CCPA/CPRA)

Categories Collected: identifiers (e.g., contact details), internet/usage information (e.g., device and analytics data), and inferences derived from usage for service improvement. Purposes: as described in this notice. We do not sell or share personal information for cross-context behavioral advertising and do not use or disclose sensitive personal information for purposes other than those permitted by law.

Your California rights include: know/access, delete, correct, portability, and to limit use of sensitive personal information (not applicable as we do not use such information in this manner). You may exercise rights via [email protected]. We will verify requests by reasonably necessary methods (e.g., matching information you provide with data we maintain). You may use an authorized agent by providing written authorization and by verifying your identity directly with us. We will not discriminate against you for exercising your rights.

Virginia, Colorado, Connecticut, and Utah

Residents of these states may have rights to confirm processing, access, correct, delete, and obtain a portable copy of certain personal data, and to opt out of targeted advertising, sale of personal data, and certain profiling. We do not sell personal data or engage in targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects. Submit requests to [email protected]. If we deny your request, you may appeal by replying to our decision with the subject line “Privacy Appeal.”

Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal data from them. For individuals in the EEA/UK, we do not knowingly process data of children under the age of digital consent applicable in their country without verifiable parental consent. If you believe a child has provided personal data to us, please contact us and we will take appropriate steps to delete it.

Automated Decision-Making

We do not use personal data for automated decision-making that produces legal effects or similarly significant impacts on individuals.

International Users

Your data may be processed in the United States and other countries that may have different data protection laws than your country of residence. We implement appropriate safeguards for cross-border transfers as described above.

Changes to This Notice

We may update this notice from time to time to reflect changes in our practices or legal requirements. Material changes will be effective when posted. Please review this page periodically for updates. Effective date: September 1, 2025.

Contact

World Malayalee Pharma
Attn: Maddie Shepherd
75 Middlesex Turnpike, Burlington, MA 01803, USA
Email: [email protected]

Write a comment

Your email address will not be published. Required fields are marked *

*