GDPR Notice

Scope and Applicability

This Data Protection Notice applies to the processing of personal data in connection with the website ceorlhns2017.com, operated as ENT Head and Neck Pharma Guide, and to any related services we provide within the United States of America. It is intended to meet the requirements of the EU/UK General Data Protection Regulation (GDPR/UK GDPR) for individuals in the European Economic Area and the United Kingdom, while aligning with applicable U.S. privacy laws.

ENT Head and Neck Pharma Guide delivers evidence-based information on medications for ear, nose, throat, and head and neck conditions, including drug profiles, doses, side effects, interactions, indications, medication comparisons, and concise disease overviews.

Identity of the Data Controller

Controller: Urian Fiorita (Owner, ENT Head and Neck Pharma Guide)

Address: 2905 Pearl St, Boulder, CO 80301, United States

Email: [email protected]

No Data Protection Officer is formally appointed; please direct all privacy inquiries to the Controller using the contact details above.

Categories of Personal Data We Process

  • Contact and account data: name, email address, professional role or affiliation (if provided), and credentials for account registration and authentication.
  • Communications and support data: content of emails or inquiries, feedback, and related metadata.
  • Usage and device data: IP address, browser type, device identifiers, pages viewed, time spent, referring/exit pages, and interactions with site features (collected via cookies, logs, and similar technologies).
  • Preference and consent data: cookie and marketing preferences, opt-in/opt-out records.
  • Content submissions: comments or information you choose to submit through forms.

Sensitive data: We do not seek to collect protected health information (PHI) or other sensitive data. Please do not submit patient-identifiable or sensitive information. If such information is inadvertently received, we will delete it where feasible.

Purposes and Legal Bases for Processing (GDPR)

  • Service delivery and site functionality (Legal basis: performance of a contract or legitimate interests in operating and improving our services).
  • Account management and communications, including responses to inquiries (Legal basis: performance of a contract or legitimate interests in customer support).
  • Analytics and service improvement, including measuring performance and preventing misuse (Legal basis: legitimate interests; for EEA/UK users, certain analytics cookies may rely on consent).
  • Compliance and protection, including legal obligations, enforcing terms, detecting fraud or security incidents (Legal basis: legal obligation and legitimate interests).
  • Marketing communications where you have opted in or where permitted by law (Legal basis: consent; you may withdraw at any time).

Alignment with U.S. Privacy Laws

We strive to align our practices with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) and similar state laws (e.g., Colorado, Connecticut, Utah, Virginia). We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under California law.

California Residents

  • Categories collected: Identifiers (e.g., email, IP address), Internet/Network activity (e.g., browsing and usage data), and professional information if provided. Sensitive personal information is not collected for the purpose of inferring characteristics.
  • Sources: Directly from you (forms, communications) and automatically from your device (cookies, logs).
  • Purposes: Service operation, communications, analytics, security, and compliance (as detailed above).
  • Disclosures: Service providers/processors (hosting, analytics, email delivery, customer support), and disclosures required by law or in connection with legal claims or security incidents.
  • Rights: To know/access, correct, delete, and non-discrimination for exercising rights. Opt-out of sale/sharing is not applicable because we do not sell or share personal information. If our systems detect an applicable browser-based opt-out signal (e.g., Global Privacy Control), we will treat it as an opt-out to the extent required by law.

Colorado, Connecticut, Utah, and Virginia Residents

  • Rights: To confirm processing and access, correct inaccuracies, delete, obtain a portable copy of your data, and opt out of targeted advertising and certain profiling (we do not engage in targeted advertising or selling of personal data).
  • Appeals: If we deny a request, you may submit an appeal by replying to our decision or emailing us with “Privacy Appeal” in the subject line.

Cookies and Similar Technologies

We use cookies and similar technologies to enable core site functions, remember preferences, perform analytics, and enhance security. Where required, we will seek your consent prior to placing non-essential cookies (e.g., in the EEA/UK).

  • Strictly necessary cookies: essential for site functionality and security.
  • Analytics cookies: help us understand usage to improve the service; consent-based where required.
  • Preference cookies: store your settings and choices.

You may manage cookies through your browser settings and, where provided, our on-site controls. Disabling some cookies may limit functionality.

Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this Notice, including to meet legal, accounting, or reporting requirements. Retention periods vary by category, typically: contact/account data for the duration of the account and a reasonable period thereafter; communications for the period necessary to address your inquiry and maintain records; and usage data for shorter analytical and security timeframes unless aggregated or anonymized.

Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is completely secure; we continuously work to improve our safeguards.

International Data Transfers

If you are located outside the United States, your personal data may be transferred to and processed in the United States and other jurisdictions that may have different data protection laws. For transfers subject to GDPR, we rely on appropriate safeguards such as standard contractual clauses with our processors and supplementary measures where applicable, or on another lawful transfer mechanism.

Recipients and Disclosure of Personal Data

  • Service providers/Processors: hosting and infrastructure, analytics, email delivery, customer support, and security service providers engaged under contracts that restrict use of personal data to specified purposes.
  • Legal and compliance: competent authorities, regulators, or legal counsel when required by law or necessary to protect rights, safety, or enforce agreements.
  • Business transitions: in connection with a merger, acquisition, or other corporate transaction, subject to applicable legal requirements.

Children’s Data

Our services are intended for individuals in professional or adult educational contexts and are not directed to children. We do not knowingly collect personal data from children under 13 (or under 16 in the EEA/UK). If you believe a child has provided personal data, please contact us to request deletion.

Your Rights Under GDPR

  • Right of access: obtain confirmation and a copy of your personal data.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request deletion where applicable (e.g., when data are no longer necessary or consent is withdrawn).
  • Right to restriction: request limited processing under certain circumstances.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format, and transmit it to another controller.
  • Right to object: object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: at any time, without affecting prior lawful processing.
  • Right to lodge a complaint: with a competent supervisory authority if you believe your rights have been infringed.

Exercising Your Rights and Verification

To exercise your rights, please contact us using the details below. We may need to verify your identity and request additional information to process your request. We will respond within the timeframes required by applicable law.

  • Email: [email protected]
  • Postal: Urian Fiorita, 2905 Pearl St, Boulder, CO 80301, United States

If you are a U.S. state resident with specific statutory rights and disagree with our response, you may submit an appeal as described above.

Automated Decision-Making and Profiling

We do not engage in decision-making based solely on automated processing that produces legal or similarly significant effects concerning you.

Updates to This Notice

We may update this Notice from time to time to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the effective date and, where appropriate, by additional notice.

Effective date: 23 October 2025

Contact Information

For any questions, requests, or concerns regarding this Notice or our data practices, please contact:

Urian Fiorita (Owner, ENT Head and Neck Pharma Guide)
2905 Pearl St, Boulder, CO 80301, United States
Email: [email protected]

Menu

© 2025. All rights reserved.