Data Protection

Scope and Identity of the Controller

This Data Protection Notice applies to the website wrc2006.com, also known as World Rx Compendium 2006 (WRC2006), which operates in the United States of America and may be accessed by individuals worldwide. It describes how we collect, use, disclose, transfer, and safeguard personal data, and how individuals may exercise their rights under the General Data Protection Regulation (GDPR) and applicable U.S. privacy laws.

The controller responsible for personal data processing is World Rx Compendium 2006 (WRC2006), owned and operated by Mary Cantú, 3325 28th St, Boulder, CO 80301, United States.

Service Description

WRC2006 helps users find affordable, FDA-approved generic medications by comparing prices from verified pharmacies; it also offers side-by-side comparisons of brand drugs and their generic or therapeutic alternatives, provides efficacy, safety, and cost insights, disease guides, interaction and side effect summaries, and transparent pricing tools to support informed decisions with a clinician.

Contact Information

For any data protection questions, requests, or complaints, please contact: Mary Cantú, 3325 28th St, Boulder, CO 80301, United States. Email: [email protected].

Categories of Personal Data

  • Account and Contact Information: name, email address, and any details you provide when contacting us or creating preferences.
  • Service Usage and Content You Submit: search queries (e.g., drug names, conditions), saved comparisons, bookmarks, feedback, and support requests.
  • Device and Technical Data: IP address, device identifiers, browser type, operating system, language, time zone, referral URLs, and event logs.
  • Cookies and Online Identifiers: cookie IDs, web beacons, local storage, session information, and advertising/analytics identifiers.
  • Transactional and Referral Data: interactions with pricing tools, outbound clicks to pharmacies or merchants, and referral information from affiliates (we do not process your payment card details if you complete purchases with third-party pharmacies).
  • Inferences: derived interests or preferences (e.g., generic-vs-brand preferences) and possible health-related inferences based on searches you perform.
  • Communications: records of email correspondence and support case history.
  • Compliance and Security Data: audit trails, consent logs, and records required for legal or security purposes.

Sources of Personal Data

  • Directly from you when you search, save comparisons, request support, or contact us.
  • Automatically through cookies and similar technologies when you use our site.
  • From third parties, such as analytics providers and affiliate partners, regarding referral or campaign performance.

Purposes of Processing

  • Provide and improve the service, including price comparisons, alternatives, and educational content.
  • Personalize content and remember preferences where permitted.
  • Communicate with you, respond to inquiries, and provide support.
  • Measure performance, conduct analytics, and perform research and development.
  • Prevent fraud, secure the service, and ensure integrity and availability.
  • Comply with legal obligations and enforce terms.
  • Market our services, subject to consent where required, and allow opt-out of direct marketing.

Lawful Bases for Processing (GDPR)

  • Consent: for the placement and reading of non-essential cookies; for email marketing; and for processing any special category data (e.g., health-related inferences) you choose to provide through searches or inputs.
  • Contract: to provide features you request and to operate the site you access.
  • Legitimate Interests: to secure our services, prevent abuse, understand service performance, and improve content, provided these interests are not overridden by your rights and freedoms.
  • Legal Obligation: to comply with applicable laws, regulatory requirements, and to respond to lawful requests.

Special Categories of Data and Health Information

We do not require you to submit health information to use the site. However, if you enter drug names, conditions, or similar inputs, we may process data that could reveal health-related information. Where such processing occurs, we rely on your explicit consent, which you provide by submitting such information for the purpose of receiving comparisons or educational content. You may withdraw consent at any time as described below. WRC2006 is not a covered entity or business associate under HIPAA and does not provide medical care or maintain electronic health records; information on this site is for educational and cost-comparison purposes only and is not a substitute for professional medical advice.

Cookies and Similar Technologies

We use cookies and similar technologies to operate the site, remember preferences, analyze traffic, and, where permitted, support marketing or affiliate measurement.

  • Strictly Necessary: required for site functionality and security.
  • Preferences: remember choices such as saved comparisons.
  • Analytics: measure usage and performance to improve the service.
  • Advertising/Affiliate: measure referral effectiveness and, where applicable, tailor or limit advertising.

You can manage cookies through your browser settings and any site-level controls we provide. Where required, we request consent for non-essential cookies and you may withdraw consent at any time by adjusting settings or contacting us.

Disclosures to Processors and Third Parties

We disclose personal data to service providers (processors) under written agreements requiring appropriate safeguards and processing only on our instructions. Categories include hosting providers, analytics vendors, security and anti-fraud services, communications and email providers, and affiliate/measurement partners. If you navigate to a third-party pharmacy or merchant, that third party’s privacy practices govern any information you provide to them. We do not sell personal information for monetary consideration. We may disclose personal data if required by law, to protect rights and safety, or in connection with corporate transactions (e.g., merger or asset transfer) subject to appropriate protections.

International Data Transfers

We are located in the United States. If you are in the EEA, UK, or Switzerland, your data may be transferred to countries outside your jurisdiction, including the U.S. Where required, we implement appropriate safeguards, such as the European Commission’s Standard Contractual Clauses and supplementary measures, to protect your data. You may request a description of relevant safeguards by contacting us.

EU/UK Representative

We have not appointed an EU or UK representative under Article 27 GDPR at this time. If our processing activities require such an appointment, we will update this notice. Meanwhile, EU/UK data subjects may contact us directly using the details above.

Data Retention

We retain personal data only as long as necessary for the purposes described or as required by law. Typical periods include:

  • Account/Contact and preference data: retained for up to 24 months after your last activity, unless you request deletion earlier.
  • Analytics data: retained for up to 26 months or as configured with our analytics provider.
  • Support correspondence and consent records: retained for up to 36 months or as necessary to demonstrate compliance.
  • Aggregated or de-identified data: retained without a defined limit for research and service improvement, without re-identifying individuals.

Security

We employ administrative, technical, and physical safeguards, including encryption in transit, access controls, least-privilege principles, audit logging, vulnerability management, and staff training. No system is completely secure; you are encouraged to use a secure network and up-to-date software when accessing our site.

Your Rights under GDPR

  • Access: obtain confirmation and a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion where no longer necessary or where consent is withdrawn, subject to legal exceptions.
  • Restriction: request limited processing under certain conditions.
  • Portability: receive data you provided in a commonly used, machine-readable format and transmit it to another controller where technically feasible.
  • Objection: object to processing based on legitimate interests, including profiling, and object at any time to direct marketing.
  • Withdraw Consent: withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Complaint: lodge a complaint with a competent supervisory authority.

Exercising Your Rights and Verification

To exercise rights, email [email protected] with your request, the right you wish to exercise, and sufficient information to verify your identity (e.g., the email address used on our site and details of a recent interaction). We may request additional information solely to verify your identity and protect user data. We respond within one month under GDPR and may extend by up to two additional months for complex requests, informing you of the reason for any delay. Authorized agents may submit requests where permitted by law, subject to verification of both the agent and the consumer.

U.S. State Privacy Disclosures

For residents of California, Colorado, Connecticut, Utah, Virginia, and other states with similar laws, the following apply in addition to the terms above.

Right to Know/Access, Correct, Delete, and Portability

You may request access to specific pieces and categories of personal information we collected, request correction of inaccuracies, request deletion (subject to exceptions), and request a portable copy of certain information. We will verify requests using reasonable methods based on the sensitivity of the data.

Opt-Out of Sale/Share and Targeted Advertising

We do not sell personal information for money. We may share certain online identifiers with analytics/advertising partners for targeted advertising or cross-context behavioral advertising. You may opt out by adjusting cookie preferences (where available), using browser settings that block third-party cookies, or contacting us at [email protected]. We honor applicable opt-out rights to the extent required by law.

Sensitive Personal Information

We do not use or disclose sensitive personal information (such as precise geolocation, government identifiers, or health data) for purposes requiring additional authorization under U.S. state laws. Any health-related inferences from your searches are handled with heightened care and, where applicable, only with your consent.

Appeals

If we deny your request, you may appeal by replying to our decision email or writing to [email protected] with the subject line “Privacy Request Appeal.” We will respond within the timeframe required by applicable law.

Non-Discrimination

We will not discriminate against you for exercising privacy rights.

Children’s Privacy

Our services are not directed to children. We do not knowingly collect personal data from children under 13 in the U.S. or under the age of digital consent in the EEA/UK (typically 16, or as set by local law). If you believe we have collected data from a child, please contact us for prompt deletion.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects. We may use limited profiling (e.g., analytics-based personalization) to improve content and user experience; you may object to such processing as described above.

Do Not Track and Global Privacy Controls

Our site may not respond to all browser Do Not Track signals. Where required by law, we make reasonable efforts to honor recognized user-enabled privacy signals for opt-out of sale/share or targeted advertising to the extent supported by our systems.

Changes to This Notice

We may update this notice to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the “Last Updated” date below and, where appropriate, by additional notice. Continued use of the site after an update signifies acknowledgment of the revised terms.

Last Updated: 25 September 2025

Independent Resolution and Complaints

EU/UK/Swiss individuals may lodge a complaint with their data protection authority. You may also contact us first so we can address your concerns promptly at [email protected] or by post to: Mary Cantú, 3325 28th St, Boulder, CO 80301, United States.