Scope and Data Controller
This General Data Protection Regulation (GDPR) notice explains how OurMeds, a United Kingdom-based resource available at ourmeds.su, processes personal data in accordance with UK GDPR and the Data Protection Act 2018.
Controller: Rafe Pendry, IKEA Nottingham, Giltbrook Retail Park, IKEA Way, Giltbrook, Nottingham, NG16 2RP, United Kingdom. Email: [email protected].
OurMeds provides educational information only and does not offer medical diagnosis, treatment, or professional advice.
Effective date: 14 October 2025.
Definitions
“Personal data” means any information relating to an identified or identifiable natural person. “Processing” means any operation performed on personal data. “UK GDPR” refers to the United Kingdom General Data Protection Regulation and related laws.
Categories of Personal Data We Process
- Contact and correspondence data: name, email address, and any information you include when you contact us.
- Technical and usage data: IP address, device identifiers, browser type, operating system, pages viewed, referring URLs, timestamps, and interaction data collected via server logs and analytics (where consented).
- Cookie and similar technology data: identifiers and preferences associated with cookie categories (e.g., essential, analytics).
- Communication preferences: your choices regarding cookies, newsletters, or alerts.
- Special category data: we do not seek to collect health or other special category data. If you voluntarily disclose such data in communications, we will handle it as described below.
Purposes and Legal Bases for Processing
- Provide and operate the website, ensure availability and security (including fraud prevention and debugging). Legal basis: legitimate interests (Article 6(1)(f)) and, where applicable, legal obligation (Article 6(1)(c)).
- Respond to enquiries and provide user support. Legal basis: legitimate interests (Article 6(1)(f)); where we discuss steps you request regarding a service, Article 6(1)(b) may apply.
- Analytics to understand engagement and improve content (non-essential). Legal basis: consent (Article 6(1)(a)).
- Consent management and records of preferences. Legal basis: legal obligation (Article 6(1)(c)) and legitimate interests (Article 6(1)(f)).
- Compliance with laws, exercising or defending legal claims. Legal basis: legal obligation (Article 6(1)(c)) and legitimate interests (Article 6(1)(f)).
- Optional updates or newsletters (if offered). Legal basis: consent (Article 6(1)(a)).
Legitimate Interests Assessment Summary
Our legitimate interests include operating a secure, reliable educational website, preventing abuse, and improving content quality. We process only what is necessary, apply proportionate safeguards, and provide opt-outs where feasible, ensuring minimal impact on your privacy.
Special Category and Health Information
We do not request special category data (e.g., health information). Please avoid sharing personal health details. If you intentionally provide such data (e.g., within a message), we will either promptly delete it or, if necessary to address your request, process it only with your explicit consent (Article 9(2)(a)) and with appropriate safeguards.
Children’s Data
OurMeds is intended for adults. We do not knowingly collect data from children under 16. If you believe a child provided personal data, please contact us so we can take appropriate action.
Cookies and Similar Technologies
We use cookies and similar technologies to:
- Enable core site functions and security (strictly necessary; do not require consent).
- Measure usage and improve content (analytics; require consent).
- Remember preferences (functional; may require consent depending on implementation).
On your first visit, a consent interface may allow you to accept or manage non-essential cookies. You can withdraw consent at any time by adjusting your settings or clearing cookies in your browser. Essential cookies are always active to provide the service you request.
Data Sources
We collect personal data directly from you (e.g., messages), automatically through your device (e.g., server logs and cookies), and from service providers supporting our operations (e.g., hosting and analytics) as described herein.
Data Sharing and International Transfers
We share personal data with:
- Service providers acting as processors, such as hosting, security, analytics (with consent), email delivery, backup, and support tools.
- Authorities or legal advisers where required by law or necessary to establish, exercise, or defend legal claims.
Some recipients may be located outside the UK. Where no UK adequacy regulations apply, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, along with technical and organisational measures to protect your data.
Data Retention
- Correspondence and enquiry records: typically up to 24 months after resolution.
- Server logs: typically up to 12 months, unless needed longer for security or investigations.
- Analytics data: generally 26 months, or as configured in the analytics tool.
- Consent records and compliance documentation: up to 6 years to evidence compliance.
We may retain data longer where required by law or to establish, exercise, or defend legal claims. When retention ends, we securely delete or anonymise data.
Security of Processing
We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit (where applicable), least-privilege access, and monitoring. No system is fully secure; we maintain safeguards proportionate to risk and review them periodically.
Your Rights Under UK GDPR
- Access: obtain a copy of your personal data and information about processing.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion where applicable (e.g., when data is no longer necessary or consent is withdrawn).
- Restriction: request we limit processing in certain circumstances.
- Portability: receive personal data you provided to us in a structured, commonly used, machine-readable format and transmit it to another controller where applicable.
- Objection: object to processing based on legitimate interests or to direct marketing.
- Withdraw consent: withdraw consent at any time; this does not affect prior lawful processing.
- Complain: lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your rights have been infringed.
How to Exercise Your Rights
To exercise your rights, contact the controller using the details below. We may request information to verify your identity. We aim to respond within one month, extendable by up to two further months for complex requests. In general, requests are free of charge; we may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests.
Automated Decision-Making and Profiling
We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects on you.
Third-Party Websites
Our site may reference third-party content. We are not responsible for the privacy practices of third parties. We encourage you to review their data protection notices when you visit their services.
Changes to This Notice
We may update this notice from time to time to reflect legal, technical, or operational changes. Material changes will be indicated by updating the effective date above. Continued use of the site after an update signifies your acknowledgement of the revised notice.
Contact
Controller: Rafe Pendry
Postal address: IKEA Nottingham
Giltbrook Retail Park
IKEA Way
Giltbrook
Nottingham
NG16 2RP
United Kingdom
Email: [email protected]
For all data protection enquiries, rights requests, or concerns, please use the contact details above.