GDPR Compliance

Jul, 17 2025

Data Collection and Processing Practices

A Serious Business operates as a comprehensive pharmaceutical information portal serving users in the United States of America. We recognize the critical importance of user privacy and are committed to complying with relevant data protection laws, including, where applicable, the provisions of the General Data Protection Regulation (GDPR) and the corresponding regulations enforced in the USA. When users interact with our website, we may collect certain categories of personal and non-personal information such as email addresses, usage data, IP addresses, and other technologically generated identifiers through forms, analytics, and cookies. The collection, processing, and use of this data are conducted strictly for the purposes of website operation, enhancement of user experience, analytics, compliance with legal obligations, and, where explicitly agreed, sending updates or newsletters. We implement rigorous technical and organizational measures to protect the data from unauthorized access and ensure its integrity throughout its lifecycle.

Every data subject whose personal information is processed by A Serious Business holds the right to clear and transparent information regarding how their data is collected, used, and stored. We do not sell or lease personal data to external entities. Data collected will be maintained for only as long as necessary to fulfill its intended purposes, after which secure deletion or anonymization will occur in accordance with company policies and legal requirements. All data processing activities are performed under documented protocols and subject to periodic reviews. When data processing occurs through third-party service providers, we ensure strict contractual arrangements are in place to guarantee compliance with applicable laws, and data is not transferred beyond permitted geographic boundaries.

User Rights and Choices

At A Serious Business, users are empowered with a comprehensive array of rights with respect to their personal data, as granted under applicable privacy laws in the United States and, for applicable users, the GDPR. These rights include the right to access their personal data, the right to rectify any inaccurate or incomplete information, the right to erasure (the right to be forgotten), the right to restrict or object to the processing of data, and the right to data portability. We facilitate efficient and timely mechanisms for users to exercise these rights, ensuring requests are processed promptly in accordance with regulatory timelines and subject to verification of identity to protect against unauthorized activities.

Users may choose to modify or withdraw consent for particular uses of their information at any time, particularly regarding direct marketing communications. The right to lodge a complaint with relevant supervisory authorities is also provided for where users believe their privacy rights have been infringed without remedy. We provide detailed information about these rights and how to exercise them within our website interfaces, along with clear methods for contacting our data protection officer through provided channels. No automated decision-making or profiling that significantly affects individuals occurs on our platform, and users are not subject to decisions based solely on automated processing.

Security Measures and Data Integrity

Ensuring the security and confidentiality of your personal information is of paramount concern to A Serious Business. To this end, we employ industry-standard security practices, including robust encryption protocols, firewalls, and regular system monitoring, to safeguard personal data from accidental loss, unauthorized disclosure, destruction, or alteration. Our staff and contractors are trained in data protection practices and bound by confidentiality and accountability clauses. Internal policies dictate a regular review of our information security management systems and procedures to adapt to changing threats and regulatory requirements.

Our technical infrastructure is designed with redundancy, backup, and secure retention features in place to minimize risks of data loss. Access to data is strictly controlled and only granted to individuals with a legitimate business need and appropriate authorization. Regular vulnerability assessments and penetration testing are conducted to detect and remediate any potential security exposures swiftly. Where any data breach occurs that poses a risk to individual rights and freedoms, affected users will be promptly notified, and all necessary remedial measures will be taken to contain and address the breach in line with applicable legal obligations.

International Data Transfers and Third-Party Disclosures

A Serious Business is run by Loretta Swancott, whose primary business address is Royal Fort House, Tyndall Avenue, Bristol, BS8 1UH, United Kingdom. As we provide global services, certain personal data may be transferred, stored, or processed outside of your local jurisdiction, including to processors within the United States and the United Kingdom. All such transfers are conducted in accordance with legal requirements to ensure an adequate level of data protection is maintained, including through the use of standard contractual clauses or similar safeguards where necessary. We do not disclose personal information to third parties except as required to provide our services, comply with laws, enforce our policies, or protect our rights, property, or safety.

When engaging with third-party service providers (such as analytics, hosting, or security partners), we ensure that these entities adhere to equivalent standards of confidentiality and security. Explicit user consent is always obtained before sharing data for purposes outside the scope of the user’s interaction with our platform. Moreover, A Serious Business maintains a current register of all third-party data sharing activities and periodically reviews these relationships for regulatory and privacy compliance. In the event of mergers, acquisitions, or other business transitions, users will be notified of any changes regarding the control and responsibility for their data.

Contact Information and Inquiries

For any questions, concerns, or requests regarding your personal data, privacy, or GDPR compliance, users are encouraged to contact Loretta Swancott, the owner and designated point of contact for data protection matters. Communications can be directed in writing to Royal Fort House, Tyndall Avenue, Bristol, BS8 1UH, United Kingdom, or via email at [email protected]. All inquiries will receive diligent and timely responses in accordance with legal requirements, ensuring user concerns are addressed and resolved appropriately. Users may also request further clarification about our privacy and data processing practices or submit formal complaints if they believe their privacy rights have been violated.