Data Controller

Aclepsa MedGuide is the data controller for the personal data processed via the website aclepsa.su. The controller is represented by Laura Ledas, 2 Drury Way, London NW10 0TH, United Kingdom. You can contact the controller at [email protected].

This notice explains how we process personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Scope and Applicability

This notice applies to personal data collected through our website and related online features, including our pill identifier, drug and disease information pages, interaction check tools, user communications, and cookie-based technologies.

Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Special Category Data: Personal data revealing health information and other sensitive categories defined by law.
  • Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
  • Controller: The entity that determines the purposes and means of processing personal data.
  • Processor: A third party that processes personal data on behalf of the controller.

Categories of Personal Data We Process

Data You Provide to Us

  • Contact details (e.g., name, email address) when you contact us.
  • Account credentials and profile information if you create an account (where available).
  • Content you submit, including queries related to diseases, medications, or the pill identifier tool. If you include health-related information, this may constitute special category data.
  • Feedback, survey responses, and preferences.

Data Collected Automatically

  • Technical and usage data such as IP address, browser type, device identifiers, pages viewed, time spent, and referral information.
  • Approximate location derived from IP address.
  • Cookie and similar technology identifiers (see Cookies and Similar Technologies).

Data from Third Parties

  • Service providers (e.g., hosting, analytics, customer support) may provide aggregated or pseudonymised usage metrics.

Special Category Data

We do not require special category data to use most features. If you voluntarily provide health-related information (e.g., in a query or image for the pill identifier), we will process it only with your explicit consent and solely for the stated purpose.

Purposes and Lawful Bases for Processing

  • Providing and operating the website and services (including pill identification, drug interaction checks, and content delivery): performance of a contract where applicable or legitimate interests in running and improving our services.
  • User support and communications (responding to enquiries, service notices): performance of a contract or legitimate interests in effective communication.
  • Analytics and service improvement (measuring performance, debugging, enhancing user experience): consent for non-essential cookies/analytics under PECR; limited processing for security and error logs based on legitimate interests.
  • Personalisation (remembering preferences): consent for non-essential cookies or legitimate interests where strictly necessary for the service.
  • Marketing communications (newsletters or updates): consent, with the ability to withdraw at any time.
  • Security, fraud prevention, and abuse detection: legitimate interests and/or legal obligation.
  • Legal compliance and enforcement (complying with laws, responding to lawful requests): legal obligation.
  • Processing of special category data (if you choose to provide health information): explicit consent for the specified purpose.

Cookies and Similar Technologies

We use cookies and similar technologies to operate our site, remember preferences, conduct analytics, and, where applicable, support marketing. Essential cookies are necessary for core functionality and are set on the basis of our legitimate interests. Non-essential cookies (e.g., analytics and marketing) are used only with your consent under PECR and UK GDPR.

You can manage your cookie preferences via our on-site consent tools and your browser settings. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

Data Sharing and Recipients

We share personal data with trusted recipients to the extent necessary for the purposes described:

  • Service providers/processors such as hosting, cloud infrastructure, security, analytics, email delivery, and customer support providers, bound by contractual obligations to process data only on our instructions.
  • Professional advisers (legal, compliance) under confidentiality obligations.
  • Authorities where required by law or to protect rights, safety, and security.
  • Business transfers in connection with a merger, acquisition, or reorganisation, subject to appropriate safeguards.

International Data Transfers

Where personal data is transferred outside the UK, we ensure an adequate level of protection through one or more of the following: adequacy regulations, the UK International Data Transfer Agreement (IDTA), the UK Addendum to EU Standard Contractual Clauses, or other legally valid safeguards. We also implement supplementary technical and organisational measures where appropriate.

Retention of Personal Data

  • Account and profile data: retained while your account is active and for up to 6 years thereafter to address legal, accounting, or audit requirements.
  • Communications and support enquiries: generally retained for up to 24 months after resolution, unless a longer period is required by law or to establish, exercise, or defend legal claims.
  • Technical logs and security records: typically retained for 12 months.
  • Cookie identifiers: retained according to their individual lifespans and your consent settings.
  • Special category data submitted with consent: retained only as long as necessary for the specific purpose and then securely deleted or anonymised.

Security Measures

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, least-privilege principles, secure development practices, vulnerability management, logging and monitoring, staff confidentiality obligations, and data minimisation. No method of transmission or storage is completely secure; we continuously assess and improve our safeguards.

Your Rights

Subject to legal limitations, you have the following rights under UK GDPR:

  • Right of access to your personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten").
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent at any time where processing is based on consent.
  • Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects.

To exercise your rights, contact [email protected]. We may need to verify your identity. We will respond without undue delay and within one month, extendable by two further months in complex cases (we will notify you if an extension is needed). You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Children’s Privacy

Our services are intended for users aged 13 and over. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe a child under 13 has provided personal data to us, please contact us so we can take appropriate action.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects. We may perform limited, non-intrusive personalisation (e.g., remembering preferences) consistent with your consent and settings.

Third-Party Content and Links

Our website may reference third-party content or tools. Where you access third-party resources, their respective privacy practices apply. We encourage you to review their data protection information before providing personal data to them.

How to Contact Us

Controller: Aclepsa MedGuide, represented by Laura Ledas

Address: 2 Drury Way, London NW10 0TH, United Kingdom

Email: [email protected]

We have not appointed a Data Protection Officer. For all data protection enquiries, please contact the controller using the details above.

Changes to This Notice

We may update this notice to reflect changes in our processing or legal requirements. Material changes will be highlighted on this page or via on-site notifications. Please review this notice periodically. Effective date: 14 October 2025.

© 2025. All rights reserved.