Data Protection Notice

VSmart Pharma Solutions Blog
By Kalisha Nurse-Dash 10 August 2025

Scope and Applicability

This Data Protection Notice describes how VSmart Pharma Solutions (vsmart-solutions.com) collects, uses, discloses, and safeguards personal data in connection with its provision of reliable, evidence-based information on medications, diseases, and dietary supplements. It applies to users located in the United States of America and, where applicable, to individuals in the European Economic Area, the United Kingdom, and other jurisdictions that afford similar rights.

For visitors in the United States, this Notice is intended to comply with federal and state privacy laws, including the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), and comparable laws where applicable. For visitors in the EEA/UK, this Notice outlines practices intended to align with the EU/UK General Data Protection Regulation (GDPR). Where these frameworks conflict, we apply the higher standard required by the applicable law for the individual’s location.

Identity of the Controller and Contact Information

Controller: VSmart Pharma Solutions

Owner: Kalisha Nurse-Dash

Postal Address: 2525 El Camino Real, Carlsbad, CA 92008, United States of America

Email: [email protected]

Categories of Personal Data We Process

Information You Provide

  • Identifiers and contact details (e.g., name, email address, postal address, telephone number) provided through forms, inquiries, or correspondence.
  • Professional or role information (e.g., patient, caregiver, healthcare professional) where volunteered.
  • Content of communications (e.g., questions, feedback, support requests).
  • Sensitive information where voluntarily submitted, such as health-related details (e.g., conditions of interest). We discourage submission of protected health information (PHI). We are not a covered entity or business associate under HIPAA unless expressly stated in a separate agreement.

Information Collected Automatically

  • Internet or other electronic network activity (e.g., IP address, device identifiers, browser type, pages viewed, time on page, referring/exit pages).
  • Geolocation approximations derived from IP address (city/region level, where enabled).
  • Cookie, pixel, and similar technology data used for essential site functionality, analytics, and, where applicable, advertising measurement.

Information from Third Parties

  • Service providers (e.g., analytics, security, email delivery) furnishing aggregated or pseudonymous usage metrics.
  • Publicly available sources or professional directories, where lawful, to maintain accurate contact or professional details.

Purposes and Legal Bases for Processing (GDPR)

Service Delivery and Site Operation

To provide and maintain the website, respond to inquiries, and furnish educational resources. Legal bases: performance of a contract or steps prior to entering into a contract; legitimate interests in operating an informational website.

Communications

To send administrative messages and respond to requests. Legal bases: legitimate interests in communicating with users; consent for certain electronic communications where required.

Analytics and Improvement

To measure usage, diagnose issues, and improve content quality and usability. Legal bases: legitimate interests in understanding and enhancing services; consent for non-essential cookies/trackers where required.

Security and Fraud Prevention

To protect against malicious activity, enforce terms, and ensure integrity of systems. Legal bases: legitimate interests in safeguarding services; compliance with legal obligations.

Marketing and Personalization

To provide optional updates, educational newsletters, or content recommendations aligned to user interests. Legal bases: consent where required; legitimate interests with opt-out/objection rights.

Compliance and Legal Claims

To comply with applicable laws, regulatory inquiries, and to establish, exercise, or defend legal claims. Legal bases: compliance with legal obligations; legitimate interests.

Disclosures for United States State Privacy Laws (including CCPA/CPRA)

Notice at Collection and Categories

We collect the following categories as defined by California law: identifiers; internet or other electronic network activity; geolocation (approximate); professional information (if provided); inferences for content personalization; and sensitive personal information (limited health-related information only if you voluntarily provide it). We use and retain these categories for the purposes described in this Notice.

Retention

We retain personal information only as long as reasonably necessary for the disclosed purposes, to comply with legal obligations, or to resolve disputes. See the Data Retention section for typical periods.

Sale/Share of Personal Information

We do not sell personal information for monetary consideration. We may “share” identifiers and internet activity data with analytics or advertising measurement partners for cross-context behavioral advertising as defined by the CPRA. You may opt out of such sharing as described in the Cookies and Similar Technologies and Your Rights sections. We endeavor to honor Global Privacy Control (GPC) signals as an opt-out preference.

Sensitive Personal Information

We do not use or disclose sensitive personal information to infer characteristics. If sensitive information is provided by you, its use is limited to the purpose for which it was provided and to comply with applicable laws. California residents may request to limit our use and disclosure of sensitive personal information.

Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

Cookies and Similar Technologies

We use necessary cookies to enable core functionality, and, where permitted, functional, analytics, and advertising measurement cookies or similar technologies.

  • Necessary: enable essential site features and security.
  • Functional: remember preferences and enhance experience.
  • Analytics: understand site usage and improve performance.
  • Advertising/Measurement: measure reach and, where applicable, provide or assess personalized content.

Where required by law, we obtain your consent before setting non-essential cookies. You can manage preferences via your browser settings and, if available, our on-site controls. You may also send an opt-out request or set a GPC signal, which we endeavor to honor for applicable processing.

Data Transfers

If you are located outside the United States, your personal data may be transferred to and processed in the United States and other countries that may not provide the same level of data protection as your jurisdiction. Where required for GDPR-covered data, we rely on appropriate safeguards, such as Standard Contractual Clauses, and implement supplementary measures proportionate to risk.

Data Retention

We apply the following general guidelines, subject to operational needs and legal requirements:

  • Inquiry and correspondence records: typically up to 24 months after last interaction.
  • Analytics data: typically 14–26 months, depending on provider settings.
  • Server and security logs: typically up to 12 months, unless needed for incident investigation.
  • Legal, compliance, and tax records: as required by law (commonly 3–7 years).

When retention is no longer necessary, we will delete or de-identify data consistent with applicable laws and industry standards.

Security Measures

We implement technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege authorization, periodic review of vendor practices, staff awareness, and incident response procedures. No method of transmission or storage is fully secure; we cannot guarantee absolute security.

Your Rights under GDPR

  • Access: obtain confirmation and a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion where grounds apply.
  • Restriction: request limited processing in certain cases.
  • Portability: receive data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Objection: object to processing based on legitimate interests, including profiling; object to direct marketing at any time.
  • Withdraw Consent: where processing is based on consent, you may withdraw at any time without affecting prior processing.
  • Complaint: lodge a complaint with a supervisory authority where you reside or work.

To exercise rights, contact [email protected]. We will respond within one month (extendable as permitted). Verification of identity may be required.

Your Rights under U.S. State Privacy Laws

  • Right to Know/Access: request the categories and specific pieces of personal information we have collected.
  • Right to Delete: request deletion of personal information, subject to exceptions.
  • Right to Correct: request correction of inaccurate personal information.
  • Right to Opt Out: opt out of sale or sharing of personal information and targeted advertising.
  • Right to Limit Use of Sensitive Personal Information (CA): request limitation of use/disclosure.
  • Data Portability: receive information in a portable format.
  • Non-Discrimination: receive equal service and price for exercising rights.

Submit requests by emailing [email protected] or by mail to 2525 El Camino Real, Carlsbad, CA 92008, USA. We will verify your identity and respond within applicable timelines (typically 45 days, extendable where permitted). Authorized agents may submit requests for California residents with proof of authorization.

Appeals (VA/CO/CT): If we deny your request, you may appeal by replying to our decision email with “Privacy Rights Appeal” in the subject line or writing to our postal address. We will respond within 45 days with our final decision and further recourse information.

Children’s Data

Our services are intended for a general audience and are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that such information has been collected, we will take appropriate steps to delete it promptly.

Processors and Disclosures

We disclose personal data to service providers acting on our behalf under written agreements that require appropriate security and limit processing to our instructions. Typical recipients include hosting providers, analytics providers, email delivery services, security and anti-fraud vendors, professional advisors, and, where necessary, governmental or regulatory authorities. In the event of a corporate transaction (e.g., merger, acquisition, asset transfer), personal data may be transferred in compliance with applicable laws.

Profiling and Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects. We may perform limited profiling for analytics and to tailor educational content, subject to your rights to object or opt out where applicable.

How to Exercise Choices

You may manage cookies via your browser settings and any on-site preference tools we provide. You may opt out of marketing emails by using any unsubscribe option included in such communications or by contacting us. We endeavor to honor Global Privacy Control signals for applicable opt-out preferences.

Changes to This Notice

We may update this Notice from time to time to reflect changes in laws, technologies, or our practices. Material changes will be indicated by updating the effective date and, where appropriate, by additional notice.

Effective Date

August 21, 2025

Write a comment: