GDPR Notice

Data Controller and Contact Information

This GDPR Notice applies to the processing of personal data by Sugar Rush Rx, operated at onasweetsugarrush.com in the United States of America. The data controller is John Reints, 3320 Silas Creek Pkwy, Winston-Salem, NC 27103, United States.

For any inquiry or to exercise your rights, contact: [email protected].

No Data Protection Officer is currently appointed. All privacy inquiries are handled by the controller.

Scope and Applicability

This notice applies to personal data processed about individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland, as well as visitors from the United States interacting with Sugar Rush Rx resources. It covers data collected online through this website and any related communications we initiate.

Categories of Personal Data Processed

• Identification and contact data: name, email address, postal address, and similar identifiers you provide.
• Account credentials: username, password, and account settings (if account functionality is offered).
• Communications data: inquiries, feedback, and correspondence content.
• Usage and device data: IP address, browser type, operating system, device identifiers, pages viewed, links clicked, referral URLs, date/time stamps, and approximate location derived from IP.
• Cookies and similar technologies: identifiers and telemetry used for essential site functions, analytics, preferences, and, where applicable, advertising measurement.
• Content submissions: comments, reviews, or forms you submit, which may include any information you choose to provide.
• Transaction-related data: if paid services are offered in the future, limited payment metadata (processed by a payment processor; we do not store full payment card numbers).
• Inferences: derived insights about preferences or interests created from other personal data, as allowed by law.
• Health-related information: we do not seek health or special category data. If you voluntarily disclose health information in communications, it will be processed only as described below.

Purposes of Processing and Legal Bases

• Providing and maintaining the website and services: to deliver content, features, and customer support (legal bases: performance of a contract or legitimate interests).
• Account management: to create, secure, and administer user accounts (legal bases: contract, legitimate interests).
• Communications: to respond to inquiries, send administrative messages, and manage your requests (legal bases: contract, legitimate interests).
• Personalization and improvements: to analyze usage, improve functionality, develop new features, and enhance user experience (legal basis: legitimate interests; consent where required for cookies/analytics).
• Security and fraud prevention: to protect the site, investigate, and prevent security incidents (legal basis: legitimate interests; legal obligation where applicable).
• Marketing: to send newsletters or promotional content with your consent and subject to opt-out at any time (legal basis: consent; or legitimate interests where permitted by law).
• Legal compliance: to comply with legal obligations and respond to lawful requests (legal basis: legal obligation).
• Research and quality assurance: to perform aggregated analysis and reporting (legal basis: legitimate interests; data is often de-identified or aggregated where feasible).

Special Categories and Health Information

Sugar Rush Rx is an informational resource and is not a covered entity or business associate under HIPAA. We do not request or require special category data (e.g., health, biometric, racial/ethnic origin). Please do not submit protected health information. If you voluntarily provide health-related information, we will process it only with your explicit consent, to respond to your inquiry, or to protect vital interests in rare circumstances. We do not use such information for marketing without your explicit consent and implement heightened safeguards where feasible.

Sources of Personal Data

• Directly from you when you provide information via forms, emails, account registration, or content submissions.
• Automatically through cookies, pixels, and similar technologies when you access or use the site.
• From service providers and partners that support analytics, security, hosting, or communications, in accordance with applicable law and contracts.

Data Retention

We retain personal data only as long as necessary for the purposes described, including to comply with legal, accounting, or reporting obligations, resolve disputes, and enforce agreements. Retention periods depend on the type of data, the sensitivity of the information, and legal requirements. When data is no longer needed, we will delete or de-identify it in a secure manner.

Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to operate the site, measure performance, remember preferences, and, where applicable, support marketing measurement.

Types of Cookies

• Essential: required for core functionality and security.
• Performance/Analytics: help us understand how the site is used to improve it.
• Functional: remember choices to provide enhanced features.
• Advertising/Measurement: assess the effectiveness of outreach and, where applicable, deliver or limit promotional content.

Where required by law, we seek your consent before setting non-essential cookies. You may manage cookies via your browser settings and device controls. Disabling cookies may affect site functionality.

Disclosures and International Transfers

We disclose personal data to the following categories of recipients, only as necessary and subject to appropriate safeguards:

• Service providers (processors) for hosting, analytics, security, email delivery, customer support, and related services.
• Professional advisors (e.g., legal, accounting) under duties of confidentiality.
• Authorities and parties in legal proceedings where required by law or to protect rights, safety, and security.
• Affiliates or successors in the event of a merger, acquisition, or asset transfer, subject to continued protections.

If you are located in the EEA, UK, or Switzerland, your data may be transferred to the United States or other jurisdictions that may not provide the same level of data protection as your home country. We implement appropriate transfer safeguards such as the European Commission’s Standard Contractual Clauses and supplementary measures, as needed. We assess requests from public authorities carefully and disclose only where legally compelled.

Security Measures

We implement administrative, technical, and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. While we strive to protect your information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your GDPR Rights

If you are in the EEA, UK, or Switzerland, you have the following rights, subject to legal limits:

• Access: obtain confirmation whether we process your data and receive a copy.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of your data in certain circumstances.
• Restriction: request restriction of processing in certain circumstances.
• Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Objection: object to processing based on legitimate interests, including profiling, and to direct marketing at any time.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
• Human review: request review of decisions based solely on automated processing that produce legal or similarly significant effects, if any.

We will respond to verified requests without undue delay and within the time limits set by law. We do not discriminate for exercising your rights.

Exercising Your Rights

To exercise any rights, contact us at [email protected]. Please specify the right you wish to exercise and provide sufficient information to verify your identity. You also have the right to lodge a complaint with your local supervisory authority.

Automated Decision-Making

We do not engage in processing that produces legal or similarly significant effects based solely on automated decision-making. We may use automated tools for analytics and content customization that do not have such effects.

U.S. State Privacy Disclosures

For residents of certain U.S. states (including California, Virginia, Colorado, Connecticut, and Utah), applicable laws may grant rights such as access, correction, deletion, portability, and the right to opt out of sales, sharing for cross-context behavioral advertising, or targeted advertising. We do not knowingly sell personal information for monetary consideration. If we use cookies or similar technologies that may constitute a “sale” or “sharing” under applicable law, you may manage preferences via cookie settings or browser signals, including Global Privacy Control, where technically feasible. You may submit state privacy requests to [email protected].

Children’s Privacy

Our services are intended for a general audience and are not directed to children under 13 years of age. We do not knowingly collect personal data from children under 13. If we learn that a child under 13 has provided personal data, we will delete it promptly.

Updates to This Notice

We may update this notice from time to time to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the effective date below.

Effective date: 05 September 2025

Definitions

• Personal data: any information relating to an identified or identifiable natural person.
• Processing: any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
• Controller: the natural or legal person that determines the purposes and means of processing personal data.
• Processor: a natural or legal person that processes personal data on behalf of the controller.