GDPR Notice

Aug, 24 2025

Scope and Controller

Be Active Skagit Pharma Hub ("we," "us," or "our") operates in the United States of America and provides educational health and pharmaceutical information. This notice explains how we process personal data in connection with the website beactiveskagit.org and related services.

Controller: Terrance Neal, 3000 184th St SW, Lynnwood, WA 98037, USA. Contact: [email protected].

This notice is designed to meet requirements of the EU/UK General Data Protection Regulation (GDPR) for individuals in the EEA/UK, and applicable U.S. federal and state privacy laws for residents of the United States.

Educational Nature of Services

We provide evidence-based information on medications, diseases, and supplements, including dosing basics, side effects, interactions, safety tips, regulatory updates, and cost-saving options. Our content is for informational purposes only and is not medical advice, diagnosis, or treatment. We are not a healthcare provider, insurer, or pharmacy and do not process prescriptions.

Definitions

"Personal data" or "personal information" means any information that identifies or relates to an identifiable individual. "Processing" means any operation performed on personal data, such as collection, use, disclosure, or storage. "Controller" means the entity that determines the purposes and means of processing personal data.

Categories of Personal Data We Process

  • Identifiers and contact information (e.g., name, email address, mailing address) when you contact us or subscribe to updates.
  • Online identifiers and device data (e.g., IP address, browser type, operating system, device settings, approximate location derived from IP).
  • Internet/activity data (e.g., pages viewed, referring/exit pages, time stamps, interactions with site features).
  • Communications and inquiries (e.g., the content of messages you send us and our responses).
  • Preference data (e.g., topics you view or save) to improve content relevance.
  • Inferences drawn from the above to understand aggregate usage trends. We do not knowingly create inferences about your health conditions.

We do not intentionally collect sensitive personal information (such as precise geolocation, health diagnoses, racial or ethnic origin, or union membership). Please do not submit sensitive information to us.

Sources of Personal Data

  • Directly from you (e.g., when you contact us).
  • Automatically through your device and browser when you access the site.
  • Service providers that support our website operations (e.g., hosting and analytics) to the extent permitted by law.

Purposes and Legal Bases for Processing (GDPR)

  • To operate and secure the website, perform troubleshooting, and prevent fraud or abuse. Legal bases: legitimate interests (IT security and service provision), and where applicable, legal obligation.
  • To respond to inquiries and provide customer support. Legal bases: legitimate interests (user support) or contract performance if we provide requested services.
  • To measure and improve site performance, content quality, and user experience. Legal basis: legitimate interests (service improvement). Where local law requires consent (e.g., for certain cookies), we will rely on your consent.
  • To send administrative communications and service-related notices. Legal bases: legitimate interests or contract performance.
  • To comply with laws, regulations, and enforce our terms, or to protect our rights. Legal basis: legal obligation and legitimate interests.

Notice at Collection for U.S. Residents (including California)

Categories Collected

  • Identifiers (e.g., email if you contact us) and internet or other electronic network activity information (e.g., browsing history on our site, interactions).
  • General geolocation (approximate, from IP) and inferences about site usage.

Purposes

  • Site operation, security, analytics, support, and improvement.
  • Compliance with law and protection against fraud or misuse.

Retention

We retain personal information only as long as necessary for the purposes described or as required by law, then delete or de-identify it. Typical retention periods range from the duration of your interaction with us to up to 24–36 months for analytics data, unless a longer period is required by law or necessary for security and compliance.

Disclosures

We disclose personal information to service providers that operate under contractual restrictions and to authorities where required by law. We do not sell personal information and we do not share personal information for cross-context behavioral advertising as defined by applicable U.S. state privacy laws.

Your U.S. State Privacy Rights

  • Right to know/access and obtain a portable copy of personal information.
  • Right to delete personal information, subject to exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sales and sharing for cross-context behavioral advertising (we do not sell or share as defined by applicable law).
  • Right to limit the use and disclosure of sensitive personal information (we do not use sensitive personal information for non-exempt purposes).
  • Right to non-discrimination for exercising your rights.
  • Right to appeal (for certain states) if we deny your request.

Cookies and Similar Technologies

We may use first-party cookies and similar technologies to enable core site functions, understand aggregate usage, and improve content. You can control cookies through your browser settings. Disabling cookies may affect site functionality. We do not respond to browser "Do Not Track" signals at this time due to the lack of a consistent industry standard.

Data Sharing and Recipients

  • Service providers/processors: hosting, security, analytics, communications support.
  • Legal and compliance: to comply with applicable law, lawful requests, or to protect rights, safety, and security.
  • Business transitions: in connection with a merger, acquisition, or asset transfer, subject to continued protections consistent with this notice.

We do not sell personal data.

International Data Transfers

If you are in the EEA/UK, your personal data may be transferred to the United States and other jurisdictions that may not provide the same level of data protection. Where required, we implement appropriate safeguards, such as standard contractual clauses, and take additional measures as appropriate to protect your personal data.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this notice, including security, legal, or accounting requirements. When retention is no longer required, we will delete or de-identify the data.

Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Your Rights Under the GDPR

  • Right of access to your personal data and information about our processing.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") in applicable circumstances.
  • Right to restriction of processing in applicable circumstances.
  • Right to data portability in a structured, commonly used, machine-readable format.
  • Right to object to processing based on legitimate interests and to direct marketing.
  • Right to withdraw consent at any time where processing is based on consent.
  • Right to lodge a complaint with a supervisory authority in your EEA/UK country of residence or work, or where an alleged infringement occurred.

Exercising Your Rights

To exercise your privacy rights or to submit an appeal of a denied request (where applicable), contact us at [email protected] or by mail at: Terrance Neal, 3000 184th St SW, Lynnwood, WA 98037, USA. Please specify the right you wish to exercise and provide sufficient information to verify your identity. If you are an authorized agent acting on behalf of another individual (where permitted by law), include proof of authorization and your identity information.

We will respond within the time frames required by applicable law (e.g., within one month under the GDPR, which may be extended by two months where necessary, and within applicable U.S. state deadlines). If we cannot fulfill a request, we will explain why.

Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us so we can take appropriate action.

Changes to This Notice

We may update this notice from time to time to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the effective date and, where appropriate, by providing additional notice.

Contact Information

Controller and Privacy Contact: Terrance Neal

Postal Address: 3000 184th St SW, Lynnwood, WA 98037, United States of America

Email: [email protected]

Effective Date

This notice is effective as of the date of publication and supersedes prior versions.

Categories

Archives