Data Protection

Data Controller and Contact Information

This Data Protection Notice explains how Pharma Experts (ag-guys.su) processes personal data in accordance with applicable United States privacy laws and, where relevant, the European Union General Data Protection Regulation (GDPR) and the United Kingdom GDPR.

Controller: Pharma Experts

Owner/Privacy Officer: Issam Eddine

Postal Address: 6419 W Newberry Rd, Gainesville, FL 32605, United States

Email: [email protected]

Scope and Applicability

This notice applies to personal data we collect online through our website and related digital services. It is intended to meet requirements under U.S. federal and state privacy laws (including, as applicable, California Consumer Privacy Act as amended by the CPRA, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act) and to provide GDPR-compliant information for individuals located in the EEA/UK.

Categories of Personal Data We Process

• Identifiers: name, email address, postal address (if provided), online identifiers (such as IP address and cookie identifiers).
• Device/Technical Data: browser type, operating system, device type, referring URLs, pages viewed, session duration, and similar usage data.
• Geolocation Data: approximate location derived from IP address (city/region level).
• User Submissions: inquiries, feedback, content of messages you send us, and preferences (e.g., newsletter opt-ins).
• Professional or Educational Information: if provided in a query or submission.
• Inferences: profiles or preferences derived from observed interactions to improve content relevance.
• Sensitive/Health-Related Information: we do not require health information; however, if you voluntarily provide health-related details in a submission, we may process it only as necessary to respond and as permitted by law.

Purposes and Legal Bases for Processing

We process personal data for the following purposes:

• To operate, secure, and improve our website and services, including analytics and troubleshooting.
• To respond to inquiries and provide customer support.
• To send administrative and informational communications, including updates to this notice.
• To personalize content and measure engagement.
• To comply with legal obligations and enforce our terms.
• To protect against fraud, abuse, and security incidents.

GDPR legal bases (where applicable):

• Consent: for optional cookies, newsletters, and when you voluntarily provide sensitive data.
• Contract: to provide requested services or information you asked us to deliver.
• Legal Obligation: to comply with applicable laws and regulatory requests.
• Legitimate Interests: to maintain site functionality, prevent misuse, and improve our content (balanced against your rights and freedoms).

Special category data (e.g., health-related details you submit) is processed only with your explicit consent or if you manifestly make the information public, and only for the limited purpose for which it was provided.

Cookies and Similar Technologies

We use cookies and similar technologies to enable core site functionality, perform analytics, and enhance user experience. You can manage cookie preferences through your browser settings and, where offered, our on-site controls. Some features may not function properly without certain cookies.

We do not respond to Do Not Track (DNT) signals. Where required by U.S. state privacy laws, we will recognize certain opt-out preference signals (such as a valid Global Privacy Control) for opt-outs of sales/sharing or targeted advertising.

Sources of Personal Data

• Directly from you when you interact with our website or contact us.
• Automatically from your device and browser during site use.
• From service providers and partners that assist with hosting, analytics, and security.

Disclosure of Personal Data

• Service Providers/Processors: hosting, analytics, security, and support vendors under contractual confidentiality and data protection obligations.
• Affiliates and Business Transfers: in connection with corporate transactions, subject to this notice or substantially similar safeguards.
• Legal and Compliance: to comply with applicable law, lawful requests, and to protect rights, safety, and property.

We do not sell personal information for monetary consideration. We may share personal information for analytics or to provide more relevant content, which could be considered a “sale” or “sharing” or “targeted advertising” under certain U.S. state laws. You may opt out as described in the “Your Rights” and “How to Exercise Your Rights” sections.

International Data Transfers

We are based in the United States and your data may be processed in the U.S. and other countries that may have different data protection laws than your home jurisdiction. For transfers from the EEA/UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or other lawful transfer mechanisms, supplemented by risk assessments and additional measures as needed.

Retention of Personal Data

We retain personal data only as long as necessary for the purposes described above, including to comply with legal, accounting, or reporting requirements. Criteria used to determine retention include: the nature and sensitivity of the data, potential risk of harm from unauthorized use or disclosure, the purposes of processing, and applicable legal requirements. Typical retention periods include:

• Contact and inquiry records: up to 24 months after last interaction.
• Technical and analytics logs: up to 24 months, unless longer is needed for security or compliance.
• Marketing preferences: until you opt out or withdraw consent.

Your Rights

Rights for Individuals in the EEA/UK (GDPR)

• Access: obtain confirmation and a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion in certain circumstances.
• Restriction: limit processing under specified conditions.
• Portability: receive data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Object: object to processing based on legitimate interests, including profiling; object to direct marketing at any time.
• Withdraw Consent: at any time where processing is based on consent, without affecting prior lawful processing.
• Complaint: lodge a complaint with your local supervisory authority.

U.S. State Privacy Rights

• Right to Know/Access: request details about categories and specific pieces of personal information collected, used, disclosed, sold, or shared.
• Right to Correction: request correction of inaccurate personal information.
• Right to Deletion: request deletion of personal information, subject to exceptions.
• Right to Portability: request a portable copy of certain information.
• Right to Opt Out: opt out of the sale or sharing of personal information and of targeted advertising or certain profiling.
• Right to Limit Use of Sensitive Personal Information: where applicable by law.
• Non-Discrimination: you will not receive discriminatory treatment for exercising your rights.

How to Exercise Your Rights

To submit a request, contact us at [email protected] or by mail at: Pharma Experts, Attn: Privacy, 6419 W Newberry Rd, Gainesville, FL 32605, United States.

• Verification: We may request information necessary to verify your identity and authority before fulfilling your request.
• Response Time: We aim to respond within 30 days under GDPR and 45 days under applicable U.S. state laws, with possible extensions as permitted by law.
• Authorized Agents (California): You may designate an authorized agent; we may require proof of authorization and verification of your identity.
• Appeals (e.g., Colorado, Connecticut, Virginia): If we deny your request, you may appeal by replying to our decision email with “Privacy Appeal” in the subject line. We will respond within the timeframe required by law.
• Global Privacy Control: Where required, we will treat a valid GPC signal as an opt-out of sale/sharing or targeted advertising for the browser that sends the signal.

Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us to request deletion.

Security

We implement administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Health Information Notice

Pharma Experts provides general information about pharmaceuticals, supplements, and diseases. We are not a healthcare provider and are generally not subject to HIPAA. Do not submit protected health information. If you choose to share health-related information, we will process it only with your consent and solely to address your inquiry or as otherwise permitted by law. Content on our site is informational and not a substitute for professional medical advice.

Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Data Processing Agreements and Subprocessors

Where we engage service providers to process personal data on our behalf, we do so under written agreements that require appropriate confidentiality, security, and data protection obligations consistent with applicable law.

Data Minimization and Privacy by Design

We limit personal data collection to what is necessary for specified purposes and implement privacy-by-design and privacy-by-default principles in our processes and systems.

Changes to This Notice

We may update this notice from time to time to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the effective date and, where appropriate, by providing additional notice.

Effective Date

Last updated: 21 August 2025