Data Protection

Scope and Applicability

This notice explains how BioSpine processes personal information in connection with the biospine.org website and related communications. It is intended to meet requirements of applicable United States privacy laws and, where relevant, the EU/UK General Data Protection Regulation (GDPR/UK GDPR). This notice applies to visitors, users who contact us, and recipients of our communications. BioSpine is an informational resource only; we do not sell medications and our content does not replace professional medical advice.

Identity of the Controller and Contact Details

Controller: BioSpine

Owner: Kamryn Johnson

Postal Address: 11290 Donner Pass Rd, Truckee, CA 96161, United States

Email: [email protected]

Nature and Purpose of the Service

BioSpine provides pharmaceutical information to help users compare medications, explore generic and brand alternatives, review price ranges, and learn about diseases and conditions. We do not sell or dispense medications and we do not provide medical diagnosis or treatment. Any cost comparisons and therapy information are presented for informational purposes only.

Categories of Personal Information Collected

We may collect the following categories of information, which vary depending on your interactions with the site:

• Identifiers and contact information: name and email address (if you contact us), and online identifiers such as IP address, cookies, and device IDs.
• Internet or other electronic network activity information: browsing activity on our site, referral URLs, pages viewed, time stamps, and interaction metrics.
• Device and technical data: browser type and version, operating system, screen resolution, language settings, and approximate location inferred from IP address.
• Preferences and communications: your communication history with us and your cookie/consent preferences.
• User-submitted content: information you voluntarily provide in messages or forms (e.g., questions or comments). We do not request health records or protected health information.

Sources of Personal Information

We collect information directly from you when you contact us, automatically from your device and browser when you access our site, and from service providers and partners that support hosting, analytics, security, and communications.

Purposes of Processing and Use of Personal Information

• To operate, maintain, and improve our website and services.
• To respond to inquiries and provide customer support.
• To perform analytics, measure site performance, and understand usage trends.
• To detect, prevent, and address security incidents, fraud, abuse, or illegal activities.
• To manage cookies, preferences, and consent choices.
• To comply with legal obligations and enforce our terms.
• With your consent, to send informational updates or marketing communications where applicable.

Legal Bases for Processing (EEA/UK)

Where the GDPR/UK GDPR applies, we process personal data under the following legal bases:

• Consent: for non-essential cookies, marketing, or where you voluntarily provide information.
• Legitimate interests: to operate and secure our services, perform analytics, and improve user experience, provided such interests are not overridden by your rights and interests.
• Legal obligation: to comply with applicable laws and regulatory requirements.
• Contractual necessity: to respond to your requests and provide services you ask us to perform.

California Notice at Collection (CPRA)

Categories Collected

Identifiers; Internet or network activity; device/technical data; preferences/communications; user-submitted content. We do not intentionally collect sensitive personal information (such as precise geolocation, financial account numbers, government identifiers, or health records).

Business or Commercial Purposes

Operation of the service; security and fraud prevention; analytics; improving the site; responding to inquiries; managing preferences; limited marketing with consent.

Sale or Sharing

We do not sell personal information for money. We may allow advertising and analytics partners to collect certain identifiers (e.g., cookie IDs, IP address) on our site to enable cross-context behavioral advertising or analytics, which may be considered a “sale” or “sharing” under California law. You may opt out of such sale/sharing by managing cookie preferences or by contacting us at [email protected] with the subject line “Do Not Sell or Share My Personal Information.”

Retention

We retain personal information for the period reasonably necessary to achieve the purposes described in this notice, considering legal, tax, accounting, and security requirements. Specific periods are provided in the Data Retention section below.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:

• Service providers: hosting, content delivery, analytics, security, anti-fraud, email and customer support providers.
• Advertising and measurement partners: to support limited advertising, reach, and performance measurement, where permitted.
• Professional advisors: auditors, legal counsel, and accountants.
• Authorities or third parties: when required by law or to protect our rights, users, or the public.
• Business transferees: in connection with a merger, acquisition, or asset transfer, subject to continued protection of personal information.

We do not permit service providers to use personal information for their own independent purposes beyond providing services to us.

Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies to operate the site, remember preferences, perform analytics, and, where applicable, support advertising. Categories include:

• Strictly necessary: essential for core site functionality and security.
• Performance/analytics: help measure and improve site usage and performance.
• Functional: remember choices and preferences.
• Advertising: support delivery and measurement of ads and limiting ad frequency.

You can manage cookie preferences via your browser settings and our cookie controls (where provided). Disabling some cookies may affect site functionality. Where required, we request your consent before setting non-essential cookies.

Data Retention

We retain personal information only as long as necessary for the purposes set out in this notice:

• Server logs and IP addresses: up to 12 months.
• Analytics data: up to 26 months or the shortest period configured with our analytics provider.
• Contact inquiries and correspondence: up to 24 months after last interaction.
• Cookie preferences: for the duration indicated in the preference tool or until you clear cookies.

We may retain information longer if required to comply with legal obligations, resolve disputes, or enforce agreements.

International Transfers

We operate in the United States. If you are located outside the U.S., your information may be transferred to and processed in the U.S. and other countries that may not provide the same level of data protection as your jurisdiction. Where the GDPR/UK GDPR applies, we rely on appropriate safeguards such as Standard Contractual Clauses when transferring personal data from the EEA/UK to the U.S.

Your Rights Under U.S. State Laws

Subject to verification and applicable exceptions, residents of certain U.S. states (including CA, CO, CT, UT, and VA) may have the right to:

• Know/access the categories and specific pieces of personal information we collected about you.
• Delete personal information.
• Correct inaccurate personal information.
• Opt out of the sale or sharing of personal information and of targeted advertising.
• Limit the use and disclosure of sensitive personal information (we do not use such information for inferring characteristics).
• Non-discrimination for exercising privacy rights.
• Appeal a denial of a privacy request (VA/CO/CT); instructions will be provided if a request is denied.

Your Rights Under the GDPR/UK GDPR

Where the GDPR/UK GDPR applies, you may have the right to:

• Access your personal data and obtain a copy.
• Request rectification of inaccurate or incomplete data.
• Request erasure (right to be forgotten) in certain circumstances.
• Request restriction of processing.
• Object to processing based on legitimate interests or for direct marketing.
• Data portability, to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with a supervisory authority. We encourage you to contact us first so we can address your concerns.

Exercising Your Rights and Verification

To exercise your rights, please contact us at [email protected]. Provide your name, the state or country of residence, the right you wish to exercise, and sufficient details for us to verify your identity and locate your records. We may request additional information solely for verification. Authorized agents may submit requests on your behalf by providing proof of authorization and, where required, your verified permission.

We will respond within the timeframes required by applicable law. If we deny a request, you may appeal by replying to our decision and indicating “Privacy Request Appeal” in the subject line.

Children’s Privacy

Our services are intended for a general audience and are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us to request deletion.

Security Measures

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Do Not Track and Global Privacy Control

Our site does not currently respond to browser-initiated Do Not Track (DNT) signals. Where required by law and technically feasible, we will honor Global Privacy Control (GPC) signals as an opt-out of sale/sharing for the browser or device sending the signal.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects about you. Any profiling is limited to analytics and advertising activities described in this notice.

Changes to This Notice

We may update this notice from time to time to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the “Last Updated” date. Your continued use of the site after an update constitutes acceptance of the revised notice.

Contact Information

If you have questions about this notice or our privacy practices, please contact:

BioSpine c/o Kamryn Johnson
11290 Donner Pass Rd, Truckee, CA 96161, United States
Email: [email protected]

Last Updated: October 3, 2025