GDPR Notice

GDPR Notice

Data Controller and Contact Information

HisBlue Pharmaceuticals.Com is the data controller for the processing of personal data described in this notice.

Owner: Stéphane Moungabio

Postal Address: 160 Spear St, San Francisco, CA 94105, United States

Email: [email protected]

If you have questions about this notice, our privacy practices, or to exercise your rights, please contact us using the details above.

Scope and Applicability

This notice applies to personal data processed in connection with the operation of HisBlue Pharmaceuticals.Com, including information collected through our website, accounts, communications, and related services. It is intended to meet the transparency requirements of the EU/UK General Data Protection Regulation (GDPR) for users in applicable jurisdictions and to comply with relevant United States federal and state privacy laws, including California privacy laws (CCPA/CPRA).

Definitions

‘Personal data’ means any information relating to an identified or identifiable natural person. ‘Processing’ means any operation performed on personal data, such as collection, recording, organization, storage, adaptation, retrieval, use, disclosure, or deletion. ‘Sell’, ‘share’, and ‘targeted advertising’ are used as defined by applicable US state privacy laws.

Categories of Personal Data We Process

• Identifiers: name, username, email address, IP address, device identifiers.
• Contact details: postal address (if provided), phone number (if provided).
• Account and content: profile information, saved items, ratings, reviews, comments, feedback, communications you send to us.
• Usage and technical data: pages visited, links clicked, time stamps, referrer, browser and device information, approximate location derived from IP, log files, and diagnostic data.
• Preference data: cookie preferences, notification settings, consent choices.
• Health-related information you submit: self-reported interests, conditions, experiences with medications or supplements, survey responses. We do not request medical records.
• Inferences: preferences or interests derived from other data, where permitted by law.

Purposes and Legal Bases for Processing (GDPR)

We process personal data for the following purposes and, where GDPR applies, under these legal bases:

• Provide and operate the website and services (performance of a contract or steps prior to a contract; legitimate interests in running an informational platform).
• Customer support and communications (performance of a contract; legitimate interests in responding to inquiries).
• Personalization, analytics, and service improvement (legitimate interests to understand usage and enhance services; consent where required for cookies/trackers).
• Community features, reviews, and content moderation (legitimate interests to maintain a safe and trustworthy platform; compliance with legal obligations).
• Security, fraud prevention, and debugging (legitimate interests; compliance with legal obligations).
• Marketing and newsletters (consent where required; otherwise legitimate interests, with opt-out rights).
• Compliance with laws, legal requests, and enforcement of terms (legal obligations; legitimate interests).

Consent Withdrawal

Where processing relies on consent, you may withdraw your consent at any time by contacting us at [email protected] or adjusting your cookie and communication preferences. Withdrawal does not affect prior lawful processing.

Notice at Collection (California)

We collect the categories of personal information listed above for the business purposes described herein, including to provide services, maintain security, debug, perform analytics, and engage in limited marketing. We may disclose information to service providers and contractors for these purposes. We do not knowingly sell personal information. We may “share” personal information for cross-context behavioral advertising only with your consent where required, and you may opt out as described below.

Retention periods are described in the Retention section. We do not use or disclose sensitive personal information for purposes other than those permitted by law (e.g., to provide requested services, ensure security, or perform short-term transient use).

Cookies and Tracking Technologies

We use essential cookies to operate the site and, with consent where required, analytics and similar technologies to understand usage and improve our services. You can manage your preferences through your browser settings and any consent tools we provide. Some trackers are provided by service providers acting on our behalf.

Sources of Personal Data

• Directly from you (forms, account creation, communications, reviews, and feedback).
• Automatically from your device (cookies, logs, analytics events).
• From service providers that support our operations (e.g., analytics, hosting, security).

Disclosures of Personal Data to Third Parties

We may disclose personal data to the following categories of recipients for the purposes described above:

• Service providers and contractors (hosting, analytics, security, customer support, email delivery, content moderation).
• Professional advisors (legal, compliance, accounting) under confidentiality.
• Authorities, regulators, or law enforcement when required or permitted by law.
• Successors in interest in the context of a corporate transaction, subject to safeguards.

We do not permit our service providers to use personal data for their own independent purposes.

International Data Transfers

We are based in the United States and primarily process data in the United States. If personal data is transferred from the EEA, UK, or Switzerland, we rely on appropriate safeguards (such as standard contractual clauses and supplementary measures) where required by law.

Retention of Personal Data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or reporting requirements, resolve disputes, and enforce agreements. Typical retention periods include: account data retained while your account is active; content (e.g., reviews) retained until you delete it or your account is deleted; logs and analytics retained for a period proportionate to operational needs, commonly between 6 and 36 months, unless a longer period is required by law or necessary for security.

Security Measures

We implement appropriate technical and organizational measures to protect personal data, including access controls, encryption in transit, least-privilege access, monitoring, and vendor diligence. No method of transmission or storage is completely secure; residual risk remains.

Your Rights Under GDPR

Where GDPR applies, you have the following rights, subject to limitations:

• Access: receive confirmation and a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of personal data in certain circumstances.
• Restriction: limit the processing of your data under specified conditions.
• Portability: receive data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Objection: object to processing based on legitimate interests or direct marketing.
• Consent withdrawal: withdraw consent at any time where processing is based on consent.
• Automated decision-making: the right not to be subject to decisions based solely on automated processing with legal or similarly significant effects. We do not engage in such decisions.

Your US State Privacy Rights

Depending on your state of residence (e.g., California, Virginia, Colorado, Connecticut, Utah), you may have rights to access, correct, delete, obtain a portable copy of your personal information, and opt out of sales, sharing, targeted advertising, or certain profiling. We will honor requests as required by applicable law.

Opt-Out of Sale/Sharing and Targeted Advertising

We do not knowingly sell personal information. To the extent any activity could be considered a sale or sharing or targeted advertising under applicable law, you may opt out by contacting us at [email protected] with the subject line ‘Opt-Out Request’. If we offer a site-based preference tool, you may also set your preferences there, and you can enable browser signals where supported.

Processing of Health-Related Information

The website provides informational content about medications, diseases, and supplements. Any health-related information you choose to submit (e.g., experiences, reviews) is processed to provide the services, moderate content, ensure safety, and improve our platform. We are not a healthcare provider or covered entity under HIPAA, and the site is not a substitute for professional medical advice. Do not submit medical records or information you consider highly sensitive unless strictly necessary for your use of the services.

Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal data from children under 13. If we learn that we have collected such data, we will delete it promptly.

Automated Decision-Making and Profiling

We do not make decisions with legal or similarly significant effects based solely on automated processing. We may use limited profiling for analytics and content personalization, subject to your rights and applicable consent requirements.

Exercising Your Rights and Verification

To submit a privacy request, contact us at [email protected]. Please specify the right you wish to exercise and provide sufficient information for us to verify your identity (e.g., account email, recent interactions with the service). We will respond within the time frames required by applicable law. If we cannot verify your identity, we may request additional information or deny the request with explanation.

Authorized Agents (California)

California residents may designate an authorized agent to submit a request on their behalf. We may require proof of authorization and verification of the requester’s identity directly with us.

Non-Discrimination

We will not discriminate against you for exercising your privacy rights. However, certain features may not function without necessary data, and we may offer bona fide loyalty or similar programs as permitted by law.

Appeals Process

If we deny your request, you may appeal by replying to our decision or contacting [email protected] with the subject line ‘Privacy Request Appeal’. We will inform you in writing of any action taken or not taken in response to your appeal and the reasons.

Do Not Track

Our services may not respond to Do Not Track signals. Where required, we honor legally recognized opt-out preference signals for targeted advertising or sales/sharing when technically feasible.

Changes to This Notice

We may update this notice from time to time to reflect changes in our practices or applicable laws. Material changes will be indicated by updating the effective date and, when appropriate, additional notice.

Effective Date

Effective as of: 2025-08-21