Data Protection

Aug, 31 2025

Scope and Identity of the Controller

This General Data Protection Regulation (GDPR) Notice describes how RSE eLearning processes personal data when operating the website rseselearning.org and providing evidence-based educational content on medications, diseases, and dietary supplements. This Notice applies when we act as a controller of personal data, including for individuals located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland. As a United States-based organization, we also maintain practices aligned with applicable U.S. federal and state privacy laws.

Controller: RSE eLearning, United States of America.

Contact: [email protected].

Categories of Personal Data We Process

  • Identifiers and contact information: name, email address, account credentials (if you create an account), and communication preferences.
  • Device and usage data: IP address, device identifiers, browser type, operating system, referring/exit pages, timestamps, pages viewed, clicks, and interactions with our content and tools (e.g., monographs, drug interaction checkers, and course progress).
  • Approximate location data derived from IP address.
  • Professional and education information you choose to provide (e.g., clinical role, specialty, institution) to tailor content and continuing education features, where available.
  • Support communications: content of messages, feedback, and survey responses.
  • Sensitive data: We do not seek to collect protected health information or other sensitive personal data. If you voluntarily provide such information, we will process it only as necessary to address your request and will promptly minimize or delete it when feasible.

Sources of Personal Data

  • Directly from you when you register, subscribe, contact support, submit forms, or participate in surveys.
  • Automatically through cookies and similar technologies when you access or use our website.
  • From service providers and partners that support site hosting, analytics, and communications.

Purposes and Legal Bases for Processing

Service Delivery and Account Management

We process data to provide and maintain our website, tools, and educational content; create and manage user accounts; and deliver requested features.

  • Legal bases: performance of a contract; legitimate interests in operating an efficient, reliable service.

Analytics and Service Improvement

We analyze usage to improve site performance, content relevance, and user experience; to detect and remediate errors; and to develop new features.

  • Legal bases: legitimate interests in improving services; consent where required (e.g., for non-essential cookies).

Communications and Support

We send administrative notices, respond to inquiries, and provide educational updates and newsletters where you opt in.

  • Legal bases: legitimate interests in communicating with users; consent for marketing communications.

Compliance and Protection

We process data to comply with legal obligations, enforce terms, prevent fraud and abuse, and protect the security and integrity of our services.

  • Legal bases: legal obligation; legitimate interests in security and fraud prevention.

Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies to enable core functionality, remember preferences, perform analytics, and (if enabled) support marketing communications. Where required by law, we request your consent for non-essential cookies. You can manage your preferences via your browser settings and any on-site cookie controls; disabling certain cookies may affect functionality.

Disclosures of Personal Data

  • Service providers processing data on our behalf (e.g., hosting, analytics, email delivery, customer support) under written contracts and subject to confidentiality and security obligations.
  • Professional advisors, auditors, and insurers as necessary.
  • Authorities and legal proceedings to comply with law or enforce our rights.
  • Business transfers in connection with a merger, acquisition, or asset sale, subject to continued protections consistent with this Notice.

We do not sell personal data, and we do not share personal data for cross-context behavioral advertising.

International Data Transfers

We are located in the United States. If we transfer personal data from the EEA, UK, or Switzerland to the United States or other countries without an adequacy decision, we rely on appropriate safeguards such as standard contractual clauses or other lawful transfer mechanisms. We will take additional measures as needed to protect personal data during and after transfer.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Notice, including to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data category and context. When retention is no longer necessary, we will delete, anonymize, or securely de-identify the data.

Security Measures

We implement reasonable and appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include access controls, encryption in transit where appropriate, least-privilege principles, and vendor due diligence. No method of transmission or storage is completely secure; we continuously evaluate and enhance our safeguards.

Your Rights Under the GDPR

Where the GDPR applies, you have the following rights, subject to applicable limitations:

  • Access: to obtain confirmation and a copy of your personal data we process.
  • Rectification: to request correction of inaccurate or incomplete data.
  • Erasure: to request deletion of your personal data where grounds apply.
  • Restriction: to request restriction of processing in certain circumstances.
  • Portability: to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
  • Objection: to object to processing based on our legitimate interests, including profiling, and to object to direct marketing at any time.
  • Consent withdrawal: where processing is based on consent, to withdraw consent at any time without affecting prior lawful processing.
  • Complaint: to lodge a complaint with a supervisory authority if you believe our processing infringes GDPR.

Exercising Your Rights

To exercise your rights or submit a privacy request, contact us at [email protected]. We may request information necessary to verify your identity and authority. We will respond without undue delay and within one month of receipt, extendable by two further months where necessary due to complexity or volume; if extended, we will inform you of the reasons and timeline.

Children’s Privacy

Our services are intended for users aged 16 and older and for professional and educational purposes. We do not knowingly collect personal data from children under 13 (or a higher age where required by local law). If you believe a child has provided personal data to us, please contact us so we can take appropriate action.

Automated Decision-Making

We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects concerning individuals.

United States Supplemental Notice

This section provides additional disclosures for U.S. residents under applicable state privacy laws. We collect the categories of personal information described above for the business purposes listed under Purposes and Legal Bases for Processing. We disclose personal information to service providers and other recipients as described under Disclosures of Personal Data. We do not sell personal information and do not share it for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes other than those permitted by law.

U.S. State Privacy Rights

Depending on your state of residence, you may have rights to access, correct, delete, obtain a copy of your personal information, and opt out of certain processing. You may also have the right to appeal our decision regarding a request. To exercise these rights or submit an appeal, contact [email protected]. We will not discriminate against you for exercising your privacy rights.

Data Protection Officer and EU Representative

We have not appointed a Data Protection Officer or an EU/UK Representative because we currently do not meet the applicable thresholds requiring such appointments. We will reassess our obligations periodically. For all privacy inquiries, contact [email protected].

Changes to This Notice

We may update this Notice from time to time to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the effective date and, where appropriate, by additional notice. Your continued use of our services after an update constitutes acknowledgment of the revised Notice.

Contact Information

RSE eLearning
United States of America
Email: [email protected]