Privacy Policy

Last updated: February 10, 2026

This Privacy Policy is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) and applies to all users located within the European Union.

This Privacy Policy applies to the website https://pharmalexica.com, which is intended for informational and educational purposes only, and to the related web application, which is currently provided free of charge during a testing phase.

1. Data Controller

The Data Controller of the personal data processed through this website and the related web application is:

Name: Angelo Leone

Website: https://pharmalexica.com

Official contact email: info@pharmalexica.com

(hereinafter, the “Controller”).

2. Categories of Personal Data Processed

The Controller processes the following categories of personal data:

  • Identification data: Full name
  • Contact data: Email address
  • Authentication data: Email address and authentication identifiers
  • Technical and usage data: Technical access data and aggregated and anonymous usage statistics

No special categories of personal data (Art. 9 GDPR) or data relating to criminal convictions and offences are processed.

3. Purposes of Processing and Legal Bases

3.1 Newsletter subscription

The website uses MailerLite to manage newsletter communications.

Data processed: Email address

Purpose: Sending newsletters and informational updates related to the content published on the website

Legal basis: Consent of the data subject (Art. 6(1)(a) GDPR)

Withdrawal of consent: Consent may be withdrawn at any time via the unsubscribe link included in every email, or by contacting the Controller at info@pharmalexica.com.

MailerLite Privacy Policy

3.2 Contact form, password delivery, and acceptance of the Terms of Use

The website uses Contact Form 7 to collect data necessary to send access credentials to users.

Data processed: Name, Email address

Purposes: Sending a password generated upon user request; Managing communications strictly related to the request; Documenting the acceptance of the Terms of Use of the web application

Legal bases: Performance of pre-contractual measures (Art. 6(1)(b) GDPR); Legitimate interest of the Controller (Art. 6(1)(f) GDPR)

3.3 Authentication and access to the web application

Access to the web application connected to this website is managed through Firebase (Firebase Authentication). The web application infrastructure is hosted on Cloudflare Pages (frontend) and on a virtual private server (VPS) provided by IONOS, located within the European Union (backend/API).

Data processed: Email address, Authentication identifiers, Technical access data

Purposes: User authentication; Secure access to the application; Technical management of access during the testing phase

Legal bases: Performance of pre-contractual measures (Art. 6(1)(b) GDPR); Legitimate interest in ensuring system security (Art. 6(1)(f) GDPR)

Google / Firebase Privacy Policy | Cloudflare Privacy Policy | IONOS Privacy Policy

3.4 Website analytics

The website uses Koko Analytics, a self-hosted WordPress analytics plugin.

Characteristics: No cookies, No tracking, No profiling, No geolocation, Aggregated and anonymous statistics only

Purpose: Measuring website usage in aggregated form; Improving content structure and performance

Legal basis: Legitimate interest of the Controller (Art. 6(1)(f) GDPR)

3.5 External platforms and links

The website includes links or embedded content redirecting users to external platforms, including YouTube and LinkedIn. Any processing of personal data carried out after redirection is governed exclusively by the respective third-party privacy policies.

4. Cookies and Consent Management

The website uses a cookie consent banner managed by CookieYes.

  • The website does not use profiling cookies
  • The website does not install third-party cookies for profiling purposes
  • Only strictly necessary technical cookies may be used for website functionality

5. Processing Methods and Security Measures

Personal data are processed using electronic tools, in accordance with the principles of lawfulness, fairness, transparency, data minimization, and confidentiality.

The Controller adopts appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.

6. Data Retention

  • Newsletter data: until consent is withdrawn
  • Contact form data: for the time strictly necessary to handle the request and for any related administrative needs
  • Authentication data: for the duration of the user’s access to the web application

7. Data Recipients and International Transfers

Personal data may be disclosed to service providers acting as Data Processors, including MailerLite, SupportHost, CookieYes, Cloudflare, IONOS, and Google / Firebase, as well as to any other providers strictly necessary for the technical functioning of the website and the web application.

Some of the service providers listed above may be based outside the European Economic Area (EEA) or may process personal data outside the EEA. In such cases, the Controller ensures that the transfer takes place in accordance with Articles 44 et seq. GDPR, including, where applicable, through the adoption of Standard Contractual Clauses (SCCs) or other appropriate safeguards.

8. Data Subject Rights

Data subjects may exercise their rights under Articles 15–22 GDPR, including the right to access, rectification, erasure, restriction, portability, and objection.

Requests may be sent to info@pharmalexica.com.

9. Right to Lodge a Complaint

Data subjects have the right to lodge a complaint with a competent Supervisory Authority.

10. Changes to this Privacy Policy

The Controller reserves the right to amend this Privacy Policy at any time. Changes will be published on this page with an updated revision date.

© 2026 PharmaLexica. All rights reserved.