Foundation for Safe Medications & Medical Care
  • About Us
  • Terms of Service
  • Privacy Policy
  • GDPR Compliance
  • Contact Us

GDPR Compliance

Data Collection and Processing Principles

At Foundation for Safe Medications & Medical Care (SMMC), the collection and processing of personal data are conducted with the utmost diligence to uphold data protection rights and lawful standards applicable within the United States of America. Our procedures are rooted in transparency, ensuring the individuals whose data we process remain fully informed regarding the type, scope, and purpose of data collection. All data acquired—through user registration, newsletter subscriptions, direct inquiries, or engagement with our guides and resources—is solely used for legitimate purposes, which include enhancing user experience, meeting legal obligations, and fulfilling service requests. Every instance of personal data handling is performed regarding the core GDPR principles of lawfulness, fairness, and data minimization, guaranteeing only necessary and relevant data is gathered. Technical and organizational safeguards are established for the protection of data during both transit and storage, ensuring confidentiality and integrity. We periodically review collection processes to verify compliance and refine methods in line with evolving data protection practices. Data subjects have the right to request information concerning their personal data at any time. SMMC commits to treating all collected data with the greatest respect for user privacy, using reliable encryption standards and routinely updating our security measures against potential risks.

Lawful Basis for Processing Personal Data

Processing of personal data by Foundation for SMMC is always founded on a clear, lawful basis that aligns with both the requirements of the GDPR and the relevant data protection statutes in the United States. Such bases may include explicit user consent, contractual necessity, compliance with legal obligations, and the protection of legitimate interests in furthering our educational mission about pharmaceuticals, medications, and medical care. In situations where consent is required, it is sought in an unambiguous and informed manner. We provide users with clear options to withdraw consent at any stage without adverse effects. Processing under legal or medical obligations is strictly confined to such instances as mandated by law, maintaining clarity on the purposes and recipients of disclosed data. SMMC never uses personal data for automated decision-making or profiling in any healthcare context without explicit user consent. Our justification for all processing activities is thoroughly documented in our internal records, with procedures established for auditing and verifying lawful data processing.

Rights of Data Subjects

The Foundation for SMMC fully upholds the rights of data subjects as espoused by the GDPR, along with complimentary protective measures imposed in the United States. Individuals have the right to access their personal data, request rectification of inaccurate or incomplete information, and obtain the erasure of data where lawful. We also honor the rights to restrict processing, object to processing under specific circumstances, and request data portability for themselves or to designated third parties, as technologically feasible. Every request from a data subject is managed expeditiously, with a clear communication protocol guaranteeing acknowledgment within the statutory period. If a data subject believes that their data is being processed unlawfully, they are encouraged to contact us directly for prompt investigation and redress. Data subjects also retain the right to lodge complaints with competent regulatory authorities should they suspect violations of their privacy rights. Clear instructions and assistance are provided to guide users in exercising their rights through secure channels.

Data Security and Confidentiality Measures

Data security forms a foundational principle at Foundation for SMMC, enshrined in every aspect of our data management life cycle. We employ advanced technical safeguards, including but not limited to, state-of-the-art firewalls, data encryption during storage and transfer, access control measures, and continuous real-time monitoring of systems to detect anomalies or unauthorized access attempts. Regular security training is mandated for all staff members who may handle personal or sensitive information. Organizational policies establish strict limitations regarding data access, permitting only specifically designated personnel to process personal information. Security incidents, should they occur, are handled according to rigorous incident response procedures, ensuring prompt identification, notification, and remediation. Our commitment is further solidified by routine audits and compliance reviews, helping us maintain and improve upon our robust security posture. All physical documents are securely stored with controlled access, and data redundancy strategies are employed to protect against loss.

Transborder Data Transfers

Considering the international nature of our operations and digital presence, personal data collected by SMMC may be transmitted or stored outside the country of collection in compliance with relevant data protection laws. Where applicable, appropriate safeguards—such as standardized contractual clauses, encryption mechanisms, and privacy-enhancing technologies—are implemented to ensure that transferred data maintains a level of protection commensurate with United States data protection standards. Data subjects are duly informed when transborder data transfers are necessary, and their rights are respected regardless of data’s geographic location. Should legal or jurisdictional challenges arise in the transfer process, SMMC remains committed to cooperating with regulatory authorities and the data subjects to ensure lawful, secure, and transparent data movements. We vigilantly review and update mechanisms in place, addressing any irregularities promptly.

Data Retention and Deletion Policy

The retention of personal data at Foundation for SMMC is strictly subject to a defined policy based on purpose limitation and legal requirements. Collected data is retained only as long as is necessary to fulfill the purpose for which it was acquired, to comply with legal and regulatory obligations, or to address disputes and enforce agreements. At the conclusion of the retention period, or upon valid request for erasure by the data subject, all personal data is securely deleted or anonymized to prevent recovery or misuse. Data is routinely reviewed for relevance and necessity, with outdated or redundant information systematically purged. Where external partners or processors are involved in data retention, SMMC conducts due diligence to ensure their adherence to these stringent standards. Users are provided clear information regarding the durations applicable to their respective data subsets and are advised of their rights concerning data deletion.

Third Party Processing and Subcontractors

Foundation for SMMC may employ third-party service providers or subcontractors for technical support, data storage, and website optimization. All third parties are selected based on their proven commitment to data protection, subject to thorough contractual requirements mandating compliance with SMMC’s privacy and security standards. Before onboarding, each provider is evaluated through security assessments and must evidence their capacity to protect personal data in line with our expectations. Regular monitoring and audits of third-party activities are conducted to ensure ongoing compliance. Third-party processors are never authorized to use provided data for their own purposes except those expressly designated in written agreements. Where third parties are situated outside the United States, additional safeguards and certifications are required. Users are always notified of the involvement of third parties in the processing of their personal data, and may obtain further details regarding such processors upon request.

Updates to GDPR Practices

Our GDPR compliance strategy is an evolving process, regularly revised to reflect the continual development of applicable laws, best practices, and technological innovations. Foundation for SMMC reserves the right to update this notice and associated internal policies to ensure ongoing alignment with current rules and operational changes. All significant amendments will be communicated clearly to affected individuals, providing them the opportunity to review and respond to such changes. Historic versions of our policy are kept on record for compliance auditing and transparency purposes. Users are encouraged to revisit this page regularly for the latest updates affecting their data rights and our data processing approach. Should policy updates materially affect the way personal data is processed or disclosed, affected users will be notified in advance through prominent notices on our website and, where feasible, via email.

Contact Information

For all questions regarding data protection, the exercise of data subject rights, or further information concerning our GDPR compliance, please contact the owner, Charlotte Everly, at:

  • BBC Bristol, 1 Whiteladies Road, Bristol, BS8 2LR, United Kingdom
  • Email: [email protected]

We are committed to providing timely and thorough responses to all data protection inquiries and ensuring your rights are fully respected.

© 2025. All rights reserved.