Comprehensive GDPR-Compliant Privacy Policy.
1 Introduction and Scope
This Privacy Policy outlines how SunilMadhavs World (hereinafter “we,” “us,” or “our”) collects, processes, and protects the personal data of healthcare professionals, researchers, and visitors to our website dedicated to delivering the latest medical research news. This policy is crafted in strict compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws. Our commitment to data protection is fundamental to our operations, especially given the professional nature of our audience and the sensitivity of the information we handle. We process personal data transparently and lawfully, ensuring that your privacy rights are respected throughout your engagement with our platform.
This policy applies to all personal data collected through our website, mobile applications, subscription services, and any interactions you may have with our professional content and services. It specifically addresses our adherence to GDPR principles, including lawful processing, data minimization, and accountability. As a platform serving healthcare professionals, we recognize the heightened responsibility to protect your professional and personal information. We do not knowingly collect sensitive special category data (such as health information) beyond professional credentials, unless voluntarily provided by users through comments or inquiries. Our policy extends to all data subjects within the European Economic Area (EEA) and is designed to meet the stringent requirements of GDPR for transparency and user control.
2 Data Controller Information
The data controller responsible for your personal data is:
- Organization Name: Sunil Madhav Sanapala
- Address: Door no 39-17-11/4/1, Madhavadhara, Visakhapatnam, Andhra Pradesh, India
- Email: helm@sunilmadhavs.world
- Phone: [Your Phone Number]
Our Data Protection Officer (DPO) can be reached at:
- DPO Contact: dpo@medresearchnews.com
- Purpose: For all questions related to data protection, privacy practices, or to exercise your rights under GDPR.
3 Data We Collect
We collect personal data that you provide directly to us, as well as data collected automatically through your use of our website. The types of data we collect include:
- Professional Identification Data: Name, professional title, institutional affiliation, and contact details (email address, phone number) provided during account registration or subscription.
- Technical Data: IP address, browser type, device information, and usage data collected through cookies and similar technologies (see our Cookie Policy section for details).
- Content Interaction Data: Information about your interactions with our content, including articles accessed, time spent on pages, download history of research summaries, and participation in professional forums or comment sections.
- Communication Data: Records of correspondence when you contact us with inquiries, support requests, or feedback.
- Subscription and Preference Data: Your preferences for email alerts, newsletter subscriptions, and topics of professional interest.
We collect this data through direct interactions (e.g., forms you complete), automated technologies (e.g., cookies, server logs), and occasionally from third-party sources such as professional verification services or academic institutions to validate professional credentials. We ensure that data collection is limited to what is necessary and relevant for the purposes described below.
4 How We Use Your Data (Purposes and Lawful Bases)
We process your personal data only for specified, explicit, and legitimate purposes as outlined below, and we rely on the following lawful bases under GDPR:
- Performance of a Contract: To provide access to our research news content, manage your account, and deliver subscribed services.
- Legitimate Interests: To improve our website, conduct analytics, and ensure security, provided these interests are not overridden by your rights.
- Consent: For marketing communications, non-essential cookies, and other purposes where we explicitly seek and obtain your consent.
- Legal Obligation: To comply with applicable laws and regulations, such as tax or auditing requirements.
Table: Detailed Purposes and Lawful Bases for Processing
| Processing Purpose | Lawful Basis | Data Categories Used |
|---|---|---|
| Providing access to research content and account management | Performance of a Contract | Professional Identification, Technical |
| Personalizing content based on specialty and interests | Legitimate Interests | Professional Identification, Content Interaction |
| Sending email alerts and newsletters (marketing) | Consent | Professional Identification, Subscription Data |
| Analyzing website usage and improving services | Legitimate Interests | Technical, Content Interaction |
| Professional verification and credential validation | Legitimate Interests | Professional Identification |
| Responding to inquiries and support requests | Performance of a Contract | Professional Identification, Communication |
| Ensuring security and preventing fraud | Legitimate Interests | Technical, Professional Identification |
| Compliance with legal and regulatory requirements | Legal Obligation | All categories as necessary |
We will only use your personal data for the purposes for which we collected it. If we need to use your data for an unrelated new purpose, we will notify you and explain the legal basis for doing so. You have the right to object to processing based on legitimate interests at any time (see “Your Rights” section).
5 Data Sharing and International Transfers
5.1 Third-Party Sharing
We may share your personal data with the following categories of recipients under strict contractual safeguards:
- Service Providers: Data processors who assist us in hosting, analytics, email delivery, marketing, and professional verification services. These providers (e.g., Google Analytics) are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance.
- Professional and Academic Partners: Research institutions or medical associations co-hosting webinars or events, only with your explicit consent.
- Legal and Regulatory Authorities: When required to comply with legal obligations, protect our rights, or prevent fraud.
We do not sell or rent your personal data to third parties for marketing purposes. All third-party providers are vetted for GDPR compliance and are permitted to process your data only for specified purposes in accordance with our instructions.
5.2 International Transfers
As a global platform, your data may be transferred to and processed in countries outside the EEA, such as the United States. We ensure all international transfers are governed by GDPR-approved safeguards:
- Adequacy Decisions: Transfers to countries deemed by the EU Commission to have adequate data protection laws.
- Standard Contractual Clauses (SCCs): EU-approved clauses between us and the recipient.
- Binding Corporate Rules (BCRs): For intra-organizational transfers within multinational partners.
You can obtain details of the specific mechanisms used for international transfers by contacting our DPO.
6 Data Security and Retention
6.1 Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or alteration. These measures include:
- Encryption: Data is encrypted in transit (using SSL/TLS protocols) and at rest.
- Access Controls: Strict role-based access restrictions to ensure only authorized personnel can access your data.
- Regular Security Assessments: Periodic testing and evaluation of our security practices.
- Staff Training: Comprehensive GDPR and security training for all employees handling personal data.
Despite these measures, no online transmission is entirely secure. We have procedures in place to deal with suspected data breaches and will notify you and the relevant supervisory authority of a breach where legally required.
6.2 Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. Our retention periods are based on the following criteria:
- Active Accounts: Data is retained while your account is active and for a period of 24 months after your last activity.
- Marketing Data: Retained until you withdraw consent or opt out, after which we suppress the data rather than delete it to ensure we do not inadvertently re-contact you.
- Legal Obligations: Some data (e.g., transaction records) may be retained for up to 7 years to comply with tax laws.
Upon expiration of the retention period, data is securely deleted or anonymized for statistical use, where it ceases to be personal data.
7 Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data. These rights are not absolute and may be subject to certain conditions and exemptions.
Table: Summary of Data Subject Rights under GDPR
| Right | Description | How to Exercise |
|---|---|---|
| Right of Access | To request copies of your personal data. | Submit a request via email or your account portal. |
| Right to Rectification | To correct inaccurate or incomplete data. | Edit your account details or contact us. |
| Right to Erasure | To request deletion of your data. | Submit a request to the DPO. |
| Right to Restriction | Request limitation of processing under certain conditions, to limit how your data is used. | Contact us with justification for the restriction. |
| Right to Data Portability | Receive your data in a structured, machine-readable format. | Request via email or account settings. |
| Right to Object | Object to processing based on legitimate interests. | Opt-out mechanisms in emails or contact us. |
| Right to Withdraw Consent | Withdraw consent at any time for processing based on consent. | Use unsubscribe links or update preferences. |
| Right to Lodge a Complaint | Complain to a supervisory authority if dissatisfied. | Contact your local data protection authority. |
To exercise any of these rights, please contact our DPO at dpo@medresearchnews.com. We respond to all legitimate requests within one month, which may be extended for complex requests. We may need to verify your identity before processing your request to ensure security.
8 Cookies and Tracking Technologies
Our website uses cookies and similar technologies to distinguish you from other users, improve user experience, and analyze website traffic. For detailed information on the cookies we use and their purposes, please see our Cookie Policy below.
- Types of Cookies Used:
  - Essential Cookies: Necessary for website functionality and security. These do not require consent.
  - Analytical/Performance Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). These require consent.
  - Functionality Cookies: Remember your preferences and settings.
  - Targeting Cookies: Used to deliver relevant ads and track campaign performance.
- Consent Management: We obtain explicit consent for non-essential cookies via our cookie banner. You can manage your preferences at any time through the cookie settings tool in your browser or on our website. Most browsers also allow you to refuse or delete cookies; however, blocking essential cookies may impair website functionality.
9 Changes to This Privacy Policy
We may update this policy periodically to reflect changes in our practices, legal requirements, or technological developments. The updated version will be posted on our website with the effective date clearly indicated. Where changes are material, we will provide a prominent notice and, where required by law, seek your consent. We encourage you to review this policy regularly to stay informed about how we are protecting your data.
10 Contact and Complaint Information
For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection Officer at helm@sunilmadhavs.world. You also have the right to lodge a complaint with the supervisory authority in your country of residence or work. A list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Effective Date: August 29, 2025
Last Updated: August 29, 2025
This policy is reviewed annually or as needed to ensure ongoing compliance with GDPR and other data protection regulations.

