Privacy Policy

1. Who We Are

PillsCard.com ("PillsCard", "we", "us") is an independent European drug encyclopedia. We provide information about medications sourced from official government registries (EMA, URPL, openFDA).

Data controller (GDPR Art 4(7)): PillsCard.com, registered in Poland — full legal entity details (legal form, registered address, NIP, KRS/CEIDG, REGON) are published in our Legal Notice (Impressum).

General contact: partners@pillscard.com · Privacy contact: partners@pillscard.com · Data Protection Officer: partners@pillscard.com

2. What Data We Collect

Usage data: pages visited, search queries, time on site, referral source. Collected via analytics cookies (only with your consent).

Technical data: IP address (anonymized), browser type, device type, operating system. Collected automatically for security and performance.

Account data (optional): if you sign in with Google, we receive your name, email, and profile picture. We do not access your Google password.

Favorites and preferences: if you save drugs to your favorites list or change newsletter preferences, this data is stored in your account.

Newsletter consent: if you opt in to our newsletter, we record your consent with a timestamp and IP address as required by GDPR. You can withdraw consent at any time in your account settings.

We do NOT collect health data, medical history, prescriptions, or any sensitive personal data.

3. How We Use Your Data

To operate and improve the website: display drug information, process searches, and optimize performance.

To analyze site usage (with consent): understand which features are used, improve content and navigation.

To secure the service: detect and prevent fraud, abuse, and technical issues.

We do NOT sell your personal data. We do NOT use your data for targeted advertising.

4. Cookies

Essential cookies: required for the site to function (language preference, session). No consent needed.

Analytics cookies: help us understand how visitors use PillsCard. Only set with your explicit consent via our cookie banner.

We do NOT use advertising or tracking cookies. We do NOT share cookie data with third-party ad networks.

You can withdraw consent at any time by clearing your browser cookies or using your browser settings.

5. Third-Party Services and Subprocessors (GDPR Art 28)

We use the following data processors under written Data Processing Agreements (DPAs) where applicable. Each is named with purpose, jurisdiction, and the legal basis for transfer:

Hetzner Online GmbH (Germany, EU) — server hosting and infrastructure. Processes: all account, content, and log data. Legal basis: Art 6(1)(b) contract performance. Transfer: intra-EU, no adequacy decision needed.

Cloudflare, Inc. (USA) — CDN, DDoS protection, edge caching. Processes: IP addresses, request metadata. Legal basis: Art 6(1)(f) legitimate interest (security). Transfer: covered by EU-US Data Privacy Framework (DPF) certification. Privacy: https://www.cloudflare.com/privacypolicy/

Google LLC (USA) — Google Analytics 4 (only with explicit consent), Google Sign-In (optional). Processes: anonymized usage stats, basic profile info. Legal basis: Art 6(1)(a) consent. Transfer: EU-US DPF certified. Privacy: https://policies.google.com/privacy

Resend Inc. (USA) — transactional email delivery (account verification, password reset, requested newsletters). Processes: email address, message content. Legal basis: Art 6(1)(b) contract / Art 6(1)(a) consent for newsletters. Transfer: Standard Contractual Clauses (SCCs).

Stripe, Inc. (USA / Ireland) — payment processing for B2B subscriptions only (no consumer payments). Processes: business contact, billing details. Legal basis: Art 6(1)(b) contract. Transfer: EU-US DPF + SCCs.

We do NOT use advertising networks, retargeting services, programmatic ad platforms, or data brokers. We do NOT share personal data with any third party for marketing purposes.

An updated subprocessor list is maintained on this page. We will notify users of material additions before they take effect, where required.

6. Your Rights (GDPR Articles 15–22) and Supervisory Authority

If you are in the EU/EEA, you have the right to: access your data (Art 15), rectify inaccurate data (Art 16), erase your data — "right to be forgotten" (Art 17), restrict processing (Art 18), data portability (Art 20), object to processing (Art 21), and not be subject to solely automated decision-making (Art 22).

Where processing is based on consent (Art 6(1)(a)), you have the right to withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal (Art 7(3)).

To exercise any right, email partners@pillscard.com or our Data Protection Officer at partners@pillscard.com. We will respond within one month (Art 12(3)), extendable by two further months for complex requests with notice.

Polish supervisory authority — you have the right to lodge a complaint with: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, Poland · https://uodo.gov.pl

If you are habitually resident in another EU/EEA Member State, you may also lodge a complaint with the supervisory authority of your residence under Art 77 GDPR.

7. Data Retention

Analytics data: 26 months, then automatically deleted.

Account data: retained while your account is active. Deleted within 30 days of account deletion request.

Server logs: 90 days, then automatically deleted.

8. Data Security

All data is transmitted over HTTPS (TLS 1.2+). Server infrastructure is hosted in the EU. We follow industry-standard security practices including encrypted storage, access controls, and regular security audits.

9. Children's Privacy

PillsCard is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact partners@pillscard.com.

10. Changes to This Policy

We may update this policy periodically. Changes will be posted on this page with an updated date. Continued use of PillsCard after changes constitutes acceptance.

11. Legal Basis for Processing (GDPR Art 6)

We process personal data only when one of the following lawful bases applies:

Art 6(1)(a) — Consent: for analytics cookies, newsletter, marketing communications, and any non-essential profiling. You can withdraw consent at any time.

Art 6(1)(b) — Contract: for delivering services you requested (account, B2B subscription, transactional email).

Art 6(1)(c) — Legal obligation: for retaining records mandated by Polish or EU law (e.g., tax records, consent logs under GDPR Art 7).

Art 6(1)(f) — Legitimate interest: for security, fraud prevention, and aggregated, anonymized analytics. We balance our interest against your rights and document the assessment internally.

We do NOT process special-category data under Art 9 (health, biometric, etc.). Drug favorites and similar features are user-volunteered preference signals, not health records, and are not used to infer diagnoses.

12. International Data Transfers

Where processors are located outside the EU/EEA (e.g., USA-based services), transfers are protected by one or more of: (a) the EU-US Data Privacy Framework (DPF) for participating processors; (b) Standard Contractual Clauses (SCCs) approved by the European Commission; (c) supplementary technical measures including encryption in transit and at rest.

You may request copies of the safeguards in place for any specific transfer by emailing partners@pillscard.com.

13. Automated Decision-Making and Profiling

We do NOT make decisions about you based solely on automated processing that produce legal or similarly significant effects (Art 22 GDPR). We do not perform credit scoring, automated insurance decisions, or any high-stakes profiling.

Limited profiling: with your consent, we use anonymous aggregated analytics to improve the service. With your separate consent, we may segment users for relevant content (e.g., pharmacy partners hearing only about pharmacy-related updates). You can opt out at any time.

14. Contact

For privacy questions or data requests: partners@pillscard.com

Data Protection Officer: partners@pillscard.com

General contact: partners@pillscard.com