Privacy Policy
Your privacy is important to us. Learn how we collect, use, and protect your information.
Last Updated: November 27, 2024 | Effective Date: November 27, 2024
1. Introduction and Our Commitment to Privacy
Winston's Pharmacy ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at https://winstonspharmacy.com (the "Website"), use our product authenticity verification tools, or interact with us through our contact forms and services.
As a licensed compounding pharmacy and FDA-registered 503B outsourcing facility, we understand the sensitivity of health-related information and take our responsibility to protect your privacy seriously. This policy applies to information collected through our Website and does not cover information collected through other means, such as in-person pharmacy services or prescription processing, which are governed by separate privacy notices including our HIPAA Notice of Privacy Practices.
By using our Website, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use our Website.
2. Information We Collect
We collect information in several ways when you interact with our Website. The types of information we collect depend on how you use our services.
2.1 Browsing and Technical Data
When you visit our Website, we automatically collect certain technical information, including:
- Device Information: Type of device, operating system, browser type and version, screen resolution, and device identifiers
- Usage Data: Pages visited, time spent on pages, links clicked, referring website, and navigation patterns
- Network Information: IP address, internet service provider, and general geographic location (city/region level)
- Performance Data: Page load times, errors encountered, and technical diagnostics
This information is collected through cookies, web beacons, and similar tracking technologies, as described in Section 6 below.
2.2 Product Authenticity Verification Data
When you use our QR code-based product authenticity verification tools, we collect:
- Verification Code Data: The unique product identifier or QR code scanned. This is a technical product code and does not contain personal health information about any individual patient.
- Verification Metadata: Date, time, and approximate location of the verification request
- Device Information: Basic device type used for scanning
Important Clarification: The QR codes and product identifiers used in our verification system are technical batch and product codes. They do not contain or reveal any personal health information, prescription details, or patient identity. The verification system is designed solely to confirm that a product originated from Winston's Pharmacy and has not been counterfeited.
2.3 Information You Provide
When you voluntarily submit information through our Website, we collect:
- Contact Form Submissions: Name, email address, phone number, user type (patient, healthcare provider, or pharmacy), inquiry type, and message content
- Account Information: If you create an account, your name, email address, and any profile information you provide
- Communication Data: Records of correspondence if you contact us via email, phone, or other methods
- Feedback and Survey Responses: Any information you provide in response to surveys, feedback requests, or reviews
2.4 Information from Third Parties
We may receive information about you from third parties, including:
- Analytics providers who help us understand Website usage
- Business partners with whom you have authorized information sharing
- Publicly available sources
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Providing and Improving Our Services
- Operating and maintaining our Website
- Processing and responding to your inquiries and requests
- Providing product authenticity verification services
- Improving Website functionality, content, and user experience
- Developing new features and services
3.2 Security and Anti-Fraud
- Detecting and preventing fraud, abuse, and unauthorized access
- Monitoring for counterfeit products through verification patterns
- Protecting the integrity of our verification systems
- Investigating suspicious activities and potential violations of our terms
- Ensuring the security of our Website and systems
3.3 Communications
- Responding to your inquiries and providing customer support
- Sending service-related announcements and updates
- With your consent, sending marketing communications about our products and services
- Notifying you of changes to our policies or terms
3.4 Legal and Compliance
- Complying with applicable laws, regulations, and legal processes
- Responding to lawful requests from public authorities
- Enforcing our terms and policies
- Protecting our rights, privacy, safety, or property
- Fulfilling regulatory requirements for pharmaceutical compounding operations
3.5 Analytics and Research
- Analyzing Website usage patterns and trends
- Conducting research to improve our services
- Generating aggregate, de-identified insights
4. Data Processing and Retention
4.1 Data Storage
Your information is stored on secure servers located in the United States. We use industry-standard cloud infrastructure providers that maintain appropriate physical, technical, and administrative safeguards.
4.2 Retention Periods
We retain your information for as long as necessary to fulfill the purposes for which it was collected, including:
- Contact Form Data: Retained for 3 years from submission or until the inquiry is resolved, whichever is longer
- Verification Logs: Retained for 5 years to support anti-fraud efforts and regulatory compliance
- Browsing Data: Generally retained for 13 months for analytics purposes
- Account Information: Retained for the duration of your account and for a reasonable period thereafter
4.3 Retention Criteria
In determining retention periods, we consider:
- The purpose for which the data was collected
- Legal and regulatory requirements for pharmaceutical operations
- Potential need for data in legal proceedings
- Industry best practices
- Your reasonable expectations
5. Information Sharing and Disclosure
5.1 When We Share Information
We may share your information in the following circumstances:
- Service Providers: With third-party vendors who perform services on our behalf, such as hosting, analytics, email delivery, and customer support. These providers are contractually obligated to protect your information.
- Legal Compliance: When required by law, regulation, legal process, or governmental request, including requests from the FDA, state pharmacy boards, or law enforcement.
- Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.
- Protection of Rights: When necessary to protect our rights, privacy, safety, or property, or that of our users or the public.
- With Your Consent: In other circumstances where we have obtained your explicit consent.
5.2 Affiliate Sharing
We may share information with our parent company, subsidiaries, and affiliates for purposes consistent with this Privacy Policy.
5.3 When We Do Not Share Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not share your information with unaffiliated third parties for purposes unrelated to our services without your consent.
5.4 Aggregate and De-Identified Data
We may share aggregate or de-identified information that cannot reasonably be used to identify you for research, analytics, or other business purposes.
6. Cookies and Similar Technologies
6.1 What Are Cookies
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.
6.2 Types of Cookies We Use
- Essential Cookies: Required for the Website to function properly. These cannot be disabled without affecting Website functionality.
- Analytics Cookies: Help us understand how visitors interact with our Website, allowing us to improve performance and user experience.
- Functional Cookies: Remember your preferences and settings to enhance your experience.
- Performance Cookies: Collect information about how you use the Website to help us improve its performance.
6.3 Purpose of Cookies
We use cookies to:
- Maintain Website security and prevent fraud
- Remember your preferences and settings
- Analyze Website traffic and usage patterns
- Improve Website performance and functionality
- Understand which pages and features are most useful
6.4 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored and delete them individually
- Block third-party cookies
- Block cookies from specific sites
- Block all cookies
- Delete all cookies when you close your browser
Please note that disabling cookies may affect the functionality of our Website and your ability to use certain features.
6.5 Other Tracking Technologies
In addition to cookies, we may use web beacons, pixel tags, and similar technologies to collect information about your interaction with our Website and emails.
7. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights for all users.
7.1 General Rights
All users may:
- Access: Request information about the personal data we hold about you
- Correction: Request that we correct inaccurate or incomplete personal information
- Deletion: Request that we delete your personal information, subject to certain exceptions
- Opt-Out: Unsubscribe from marketing communications at any time
- Data Portability: Request a copy of your data in a commonly used format
7.2 California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request information about the categories and specific pieces of personal information we have collected, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You may request that we correct inaccurate personal information.
- Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information. Note that we do not sell personal information as defined under the CCPA/CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
To exercise these rights, please contact us using the information in Section 12. We may need to verify your identity before processing your request.
7.3 Other State Privacy Rights
Residents of other states with privacy laws (such as Virginia, Colorado, Connecticut, and Utah) may have similar rights. We will honor requests consistent with applicable state law.
8. Legal Basis for Processing
We process your personal information based on the following legal grounds:
- Consent: When you have given us explicit consent to process your information for specific purposes, such as receiving marketing communications.
- Contractual Necessity: When processing is necessary to fulfill our obligations to you or to take steps at your request prior to entering into a contract.
- Legal Obligation: When processing is necessary for compliance with laws and regulations applicable to our pharmaceutical operations.
- Legitimate Interests: When processing is necessary for our legitimate business interests, such as fraud prevention, security, Website improvement, and business operations, provided these interests do not override your rights.
9. Security Measures
We implement a variety of security measures to protect your personal information:
- Encryption: We use SSL/TLS encryption for data transmitted between your browser and our servers.
- Access Controls: We restrict access to personal information to authorized personnel who need it for legitimate business purposes.
- Secure Infrastructure: Our systems are hosted on secure, professionally managed infrastructure with appropriate physical and technical safeguards.
- Regular Assessments: We conduct regular security assessments and updates to maintain the integrity of our systems.
- Employee Training: Our staff receive training on privacy and security best practices.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.
10. Children's Privacy
Our Website is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we may provide additional notice on our Website
- We encourage you to review this policy periodically
Your continued use of the Website after any changes constitutes your acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@winstonspharmacy.com
- General Inquiries: hello@winstonspharmacy.com
- Phone: +1 (800) 555-0199
- Mailing Address:
Winston's Pharmacy
Attn: Privacy Officer
Houston, TX
For requests related to your privacy rights, please include sufficient information to allow us to verify your identity and process your request.
13. Related Documents
This Privacy Policy should be read in conjunction with our:
- Terms of Use - Governing your use of our Website
For information about how we handle protected health information in our capacity as a healthcare provider, please request a copy of our HIPAA Notice of Privacy Practices.