Data Protection

Sep, 5 2025

Scope and Applicability

This Data Protection Notice describes how Varenicline Rx (vareniclinerx.com) collects, uses, discloses, and safeguards personal data in the United States of America, and outlines additional rights for individuals located in the European Economic Area (EEA), the United Kingdom (UK), and certain U.S. states. This website is an informational resource on varenicline and smoking cessation intended for patients and caregivers. We are not a healthcare provider and are not acting as a covered entity or business associate under HIPAA. Do not submit protected health information.

Identity of the Controller and Contact

Controller/Owner: Kezia Stroud

Address: 30 Stockwell Dr, Avon, MA 02322, United States

Email: [email protected]

Categories of Personal Data We Collect

We may collect and process the following categories of personal data, depending on your interactions with the website:

  • Identifiers: IP address, device identifiers, browser type, operating system, and cookie identifiers.
  • Contact Information: Name and email address when you correspond with us.
  • Communications: The content of messages you send to us, including questions or feedback related to medications, diseases, or supplements.
  • Usage Data: Pages viewed, time spent, referring/exit pages, and similar interaction metrics.
  • Cookies and Similar Technologies: Information collected via cookies, pixels, and local storage to support site performance, security, and analytics.
  • Approximate Location: Derived from IP address to understand regional usage, subject to your device and browser settings.
  • Sensitive Information: We do not seek to collect sensitive personal information. If you voluntarily provide health-related details in communications, we process them only to respond to your inquiry and do not use them to infer characteristics.

Sources of Personal Data

  • Directly from you: When you email us or otherwise contact us.
  • Automatically: Through your device and browser via cookies and similar technologies.
  • Service Providers: Partners that provide hosting, analytics, security, and email services.
  • Public Sources: Information available from publicly accessible sources as needed for security and fraud prevention.

Purposes of Processing

  • To operate, maintain, and secure the website and its content.
  • To respond to inquiries and provide requested information.
  • To analyze site performance and improve content, usability, and accessibility.
  • To prevent, detect, and investigate fraud, abuse, security incidents, and technical issues.
  • To comply with applicable laws, regulations, and legal processes, and to enforce our terms.
  • To communicate administrative updates, such as changes to this notice.

Legal Bases for Processing (EEA/UK)

Where the GDPR/UK GDPR applies, we rely on one or more of the following legal bases:

  • Consent: For the use of certain cookies/technologies where required and for responding to inquiries you initiate.
  • Legitimate Interests: To operate a secure, effective website; prevent fraud; and improve content, provided your interests and fundamental rights do not override these interests.
  • Contract: To take steps at your request prior to entering into a contract or to perform a contract with you, where applicable.
  • Legal Obligation: To comply with applicable legal requirements and law enforcement requests.
  • Vital Interests: In rare cases to protect individuals’ vital interests.

Disclosures of Personal Data

We do not sell personal information and do not share personal information for cross-context behavioral advertising. We may disclose personal data to:

  • Service Providers and Processors: Hosting providers, analytics providers, security and anti-fraud partners, and email service providers, bound by contractual confidentiality and data protection obligations.
  • Professional Advisors: Lawyers, auditors, and insurers under confidentiality obligations.
  • Legal and Compliance: Authorities, courts, or third parties when required by law or to protect rights, safety, and security.
  • Business Transfers: In connection with a merger, acquisition, or asset transfer, subject to appropriate safeguards.

If our practices change to include “selling” or “sharing” as defined by applicable U.S. state privacy laws, we will update this notice and provide required opt-out mechanisms.

Cookies and Similar Technologies

We use necessary cookies for site functionality and security, and may use analytics cookies to understand how visitors use our site. You can manage cookies through your browser or device settings, which may affect site functionality. We do not currently respond to Do Not Track signals. Information collected via cookies is retained only as long as necessary for the purposes described above.

International Data Transfers

We process and store personal data in the United States. When we transfer personal data from the EEA/UK to the U.S., we rely on appropriate safeguards such as standard contractual clauses and implement technical and organizational measures designed to protect your data.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods depend on the type of data, our relationship with you, and legal requirements. We periodically review data and securely delete or anonymize it when no longer needed.

Security

We implement administrative, technical, and physical safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Children’s Privacy

Our website is intended for adults and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us at [email protected] so we can take appropriate action.

Your Rights Under U.S. State Laws

Depending on your state of residence (e.g., California, Colorado, Connecticut, Utah, Virginia), you may have the following rights with respect to your personal information, subject to exceptions:

  • Right to Know/Access: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of personal information we collected from you.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Data Portability: Receive certain personal information in a portable format.
  • Right to Opt Out: Opt out of the sale of personal information, sharing for cross-context behavioral advertising, or processing for targeted advertising. We do not sell personal information or share it for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: Where applicable, limit the use of sensitive personal information to necessary purposes. We do not use sensitive personal information to infer characteristics about you.
  • Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise these rights, contact us at [email protected]. We may need to verify your identity before fulfilling your request. You may use an authorized agent to submit requests as permitted by law; we may require proof of authorization and identity verification. If your request is denied in whole or in part, you may appeal by replying to our decision or emailing us with “Appeal” in the subject line. We will respond within the timeframes required by applicable law.

Your Rights Under the GDPR (EEA/UK)

If you are in the EEA or UK, subject to conditions and exceptions in the GDPR/UK GDPR, you may have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete personal data.
  • Erase personal data where grounds apply.
  • Restrict processing in certain circumstances.
  • Data portability, where technically feasible and lawful.
  • Object to processing based on legitimate interests, and to direct marketing.
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint with a supervisory authority. We encourage you to contact us first so we can address your concerns.

To exercise GDPR rights, contact: [email protected].

Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects about you.

Health Information Notice

Although our content concerns health-related topics (e.g., varenicline and smoking cessation), we do not request or require health information. Please do not submit protected health information or sensitive medical details. If you choose to provide such information in communications, we will use it solely to address your inquiry and will not use it to infer characteristics.

Third-Party Links

Our website may reference third-party websites or resources. We are not responsible for the privacy or security practices of those third parties. Review their privacy notices before providing personal data.

How to Contact Us

Varenicline Rx
Attn: Kezia Stroud
30 Stockwell Dr, Avon, MA 02322, United States
Email: [email protected]

Changes to This Notice

We may update this Data Protection Notice from time to time to reflect changes in our practices, technologies, or legal requirements. Material changes will be indicated by updating the effective date below and, where appropriate, providing additional notice.

Effective Date: 2025-09-05

Categories

Archives

© 2025. All rights reserved.