```html

thyroid institute · Legal

Privacy Policy

Last updated: July 14, 2026

This Privacy Policy explains how thyroid institute (accessible at thyroid-institute.com) collects, uses, stores, and protects your personal data. It applies to all visitors and users of this website. Please read it carefully.

This website is an independent editorial health publication. We are committed to handling your personal data responsibly and in full compliance with applicable data protection law, including the General Data Protection Regulation (GDPR), the UK GDPR where applicable, and other relevant privacy regulations.

1. Controller and Contact

The data controller responsible for this website is:

Trusted Insights Limited

Office 3906, 39th Floor, The Center, 99 Queen's Road Central

Central, Hong Kong

Email: [email protected]

If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us at the email address above. We will respond within the timeframes required by applicable law (generally within 30 days).

2. What Data We Collect and Why

2.1 Data You Provide to Us

If you contact us via email or a contact form, we collect the information you provide (such as your name and email address) for the sole purpose of responding to your inquiry. This data is processed on the legal basis of Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures) or Article 6(1)(f) GDPR (our legitimate interest in handling user communications).

2.2 Newsletter / Email Subscription

If we offer an email newsletter or content subscription, we collect your email address with your explicit consent. The legal basis is Article 6(1)(a) GDPR (consent). You may withdraw your consent at any time by clicking the unsubscribe link in any email we send, or by contacting us directly. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

2.3 Automatically Collected Data (Server Logs)

When you visit this website, our hosting provider automatically collects standard server log data, which may include:

  • IP address (anonymized or full, depending on configuration)
  • Date and time of access
  • Pages visited and URLs requested
  • Browser type and version
  • Operating system
  • Referring URL

This data is collected to ensure technical operation, security, and stability of the website. The legal basis is Article 6(1)(f) GDPR (legitimate interest in IT security and website operation). Log data is retained only as long as technically necessary and is not used to identify individual users.

3. Hosting and Infrastructure

This website is hosted by a professional third-party hosting provider. The hosting provider may process technical data (such as IP addresses and server logs) as a data processor on our behalf, pursuant to a Data Processing Agreement (DPA) as required by Article 28 GDPR.

All data processing related to hosting takes place on servers with appropriate technical and organizational security measures in place. Where servers are located outside the European Economic Area (EEA), we ensure adequate safeguards are in place (such as Standard Contractual Clauses or equivalent mechanisms) to protect your data.

4. Cookies and Tracking Technologies

4.1 What Are Cookies?

Cookies are small text files placed on your device by a website. They allow the website to recognize your browser and store certain information. We distinguish between the following categories:

4.2 Strictly Necessary Cookies

These cookies are essential for the basic functionality of the website (e.g., session management, security tokens, cookie consent state). They do not require your consent under applicable law. They are set on the basis of Article 6(1)(f) GDPR (legitimate interest in secure and functional site operation).

4.3 Analytics Cookies

We may use web analytics tools to understand how visitors use the website (e.g., which pages are read most, how long visitors stay, general geographic regions). Analytics cookies are only set with your prior consent (Article 6(1)(a) GDPR), which we obtain through our cookie consent banner before any non-essential cookies are placed.

Where analytics tools involve the transfer of data to servers outside the EEA (e.g., in the United States), we ensure that appropriate safeguards are in place (Standard Contractual Clauses or equivalent). We configure analytics tools to anonymize IP addresses wherever technically possible.

4.4 Managing Your Cookie Preferences

You may withdraw or modify your cookie consent at any time by adjusting the settings in our cookie consent tool (accessible via the cookie settings link). You can also manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

For more information about cookies in general, visit www.allaboutcookies.org.

5. Legal Bases for Processing

We process personal data only where a valid legal basis exists under Article 6 GDPR. The legal bases we rely on are:

Processing Activity Legal Basis
Responding to contact inquiries Art. 6(1)(b) or Art. 6(1)(f) GDPR
Server logs and technical operation Art. 6(1)(f) GDPR – legitimate interest
Newsletter / email subscription Art. 6(1)(a) GDPR – consent
Analytics cookies Art. 6(1)(a) GDPR – consent
Strictly necessary cookies Art. 6(1)(f) GDPR – legitimate interest

6. Third-Party Services and Data Sharing

6.1 General Principle

We do not sell, rent, or trade your personal data. We share personal data with third parties only where necessary, permitted by law, and subject to appropriate safeguards.

6.2 Service Providers (Data Processors)

We engage third-party service providers who process data on our behalf as data processors, including: