Cookie Policy and Tracking Technologies

MedSurgery Store For Digital Health


Request for comments: MSF250807749

Tax address: Calle José Rosas Villavicencio #308, Colonia Infonavit, Guerrero Negro, Baja California Sur, CP 23940, Mexico.

Last update: September 21, 2025

This Cookie and Tracking Technologies Policy explains how we use cookies and similar technologies on our website https://medsurgery.store .

Cumplimos estrictamente con la Nueva Ley Federal de Protección de Datos Personales en Posesión de los Particulares (NLFPDPPP) de México (vigente desde marzo de 2025, que requiere consentimiento informado, derechos ARCO y aviso de privacidad para procesamiento de datos), y normativas internacionales como el Reglamento General de Protección de Datos (GDPR) de la UE (consentimiento explícito para cookies no esenciales, bajo Directiva ePrivacy), la California Consumer Privacy Act (CCPA/CPRA) de EE.UU. (opt-out for sales/data sharing, without discrimination), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) (implied consent for low risk, express for sensitive), Brazil's Lei Geral de Proteção de Dados (LGPD) (consent and rights similar to GDPR), South Korea's Personal Information Protection Act (PIPA) (consent for data minimization), and other global laws such as the UK's Privacy and Electronic Communications Regulations (PECR).

We are committed to transparency, data minimization and breach protection (reported within 72 hours if applicable under GDPR/CPRA).

1. What are Cookies and Similar Technologies?

Cookies are small files that are stored on your device to collect data such as preferences and browsing behavior. We also use pixels, beacons, tags and scripts for similar purposes. These collect personal data (e.g. IP, device ID) in accordance with NLFPDPPP (Mexico) and GDPR (EU), which classify as personal data if they identify individuals.

2. Types of Cookies We Use

We classify cookies according to their purpose and duration (session or persistent, up to 24 months maximum for minimization under PIPA/LGPD):
  • Essential/Necessary For basic operation (navigation, security). Do not require consent (exempt under GDPR/ePrivacy, implicit PIPEDA); cannot be disabled without affecting the site.
  • Functional/Preferences : Stores choices (language, region). Consent required (express under GDPR, informed under NLFPDPPP).
  • Analytics/Statistics Measure traffic (e.g. Google Analytics, anonymized data). Basis: Legitimate interest (GDPR) or consent (NLFPDPPP if not anonymized).
  • Advertising/Marketing Personalize ads (e.g. remarketing). Opt-in consent (GDPR, PIPA, LGPD); opt-out available (CCPA).
We do not use cookies for sensitive data (e.g. health, ethnicity) without express written consent (NLFPDPPP, GDPR Art. 9).

3. Purposes and Legal Basis for Processing We use cookies for:
  • Improve experience (navigation, personalization) - Basis: Consent (GDPR Art. 6(1)(a), NLFPDPPP) or legitimate interest (PIPEDA for low risk).
  • Analytics: Optimize site (e.g. visits, bounce rate) - Basis: Consent or legitimate interest (anonymized).
  • Advertising: Display relevant ads - Basis: Consent (LGPD, PIPA); we do not sell data (CCPA).
  • Security: Fraud detection - Basis: Legal compliance (all laws).
We retain data only as long as necessary (max. 24 months); then we anonymize or delete (minimization under PIPA/LGPD).

4. Consent and Cookie Management
  • Obtaining Consent When visiting, we display banner with clear options: Accept all, Reject non-essential, Manage preferences (granular by type, under GDPR/ePrivacy). Consent is free, specific, informed and revocable (NLFPDPPP, GDPR). Tacit consent is fine in Mexico for non-sensical, but we use express for global. Implied consent under PIPEDA for essential/low risk.
  • Management Configure in browser (block cookies) or banner. Revoke at any time without cost/discrimination (CCPA S. 1798.135). To unsubscribe from sales/sharing (CCPA/CPRA) or tracking: send an email to customer _service@medsurgery.store (mailto:_service@medsurgery.store) with "Opt-out Cookies". We do not discriminate (e.g., no higher prices).
  • Menores : No dirigimos a <18 años; Requerimos verificación parental si aplica (COPPA US, NLFPDPPP).
5. Third Party Sharing and International Transfers

We share with vendors (e.g. Google for Analytics, Shopify for hosting) under confidentiality agreements (NLFPDPPP Art. 36). Third parties: See policies of Google (policies.google.com), Shopify (shopify.com/legal/privacy). International transfers use standard clauses (GDPR Art. 46), BCR or equivalent (LGPD). For Korea (PIPA): Only with consent and minimization.

6. User Rights
  • Mexico (ARCO under NLFPDPPP) Access, Rectification, Cancellation, Opposition; limitation/revocation. Request a customer _service@medsurgery.store (mailto:_service@medsurgery.store) with ID.
  • GDPR (EU) ARCO + portability, forgetting, restriction (Art. 15-22).
  • CCPA/CPRA (California) Access, deletion, opt-out sales (non-discrimination).
  • LGPD (Brazil) Confirmation, correction, anonymization, portability.
  • PIPEDA (Canada) Access, correction, withdrawal of consent.
  • PIPA (Korea) Access, correction, suspension, deletion. Procedure: E-mail with details; response within 20 days (NLFPDPPP/GDPR). Appeals: ANTAI (Mexico, antai.gob.mx), EU authorities (e.g. AEPD Spain), CPPA (US), etc.
7. Security Measures

We implement encryption, firewalls and audits (PCI DSS for payments, ISO 27001 aligned). We report breaches to authorities (72 hours GDPR, 48 hours CPRA).

8. Changes to this policy

Modifications posted here; we notify by email/banner for significant changes (GDPR, CCPA). Continued use implies acceptance.

9. Contact and Authorities

Questions/complaints: customer _service@medsurgery.store (mailto:_service@medsurgery.store) o +52 449 414 7260.
Authorities: ANTAI (Mexico), EDPS (EU), PPO (Canada), ANPD (Brazil), PIPC (Korea).