Privacy Policy

1. Data Controller Information

Data Controller: PeptideSupplyUK.co.uk
Contact: Available via our contact page
Jurisdiction: United Kingdom

We are the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please contact us.

2. Information We Collect

2.1 Information You Provide

When you place an order or create an account, we collect:

• Personal details: Name, email address, phone number
• Delivery information: Shipping address, billing address
• Payment information: Processed securely by our payment provider (we do not store full card details)
• Account information: Username, password (encrypted), order history
• Communication: Content of emails, contact form submissions, or chat messages

2.2 Information Automatically Collected

When you visit our website, we automatically collect:

• Device information: IP address, browser type, operating system
• Usage data: Pages visited, time spent, referring websites
• Cookies: See our cookie policy below for details
• Analytics data: Aggregated usage statistics

2.3 Information From Third Parties

• Payment providers: Transaction confirmations and payment status
• Delivery services: Shipping updates and delivery confirmations
• Fraud prevention services: Verification data to prevent fraudulent transactions

3. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

3.1 Contract Performance

Processing necessary to fulfill our contract with you, including:

• Processing and delivering your orders
• Providing customer service
• Managing your account
• Processing payments and refunds

3.2 Legitimate Interests

Processing necessary for our legitimate business interests:

• Fraud prevention and security
• Improving our website and services
• Marketing communications (where you haven't opted out)
• Business analytics and reporting

3.3 Legal Obligations

Processing required to comply with legal obligations:

• Tax and accounting records
• Responding to law enforcement requests
• Regulatory compliance for research chemical sales

3.4 Consent

Where you have given explicit consent:

• Marketing emails and newsletters
• Non-essential cookies
• Third-party data sharing (where applicable)

4. How We Use Your Information

4.1 Order Processing and Fulfillment

• Processing and dispatching your orders
• Sending order confirmations and shipping updates
• Handling returns and refunds
• Verifying your identity and preventing fraud

4.2 Customer Service

• Responding to your inquiries
• Providing technical support
• Handling complaints
• Improving our customer service

4.3 Website Improvement

• Analyzing website usage and performance
• Improving user experience
• Testing new features
• Fixing technical issues

4.4 Marketing (with your consent)

• Sending newsletters and product updates
• Informing you about special offers
• Conducting customer surveys
• Personalizing your shopping experience

4.5 Legal and Security

• Preventing fraud and unauthorized transactions
• Complying with legal obligations
• Enforcing our terms and conditions
• Protecting our rights and property

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

5.1 Service Providers

• Payment processors: Snipcart (for secure payment processing)
• Shipping companies: For order delivery
• Email service providers: For sending transactional and marketing emails
• Analytics providers: For website analytics (anonymized where possible)
• Hosting providers: Netlify (for website hosting)

5.2 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or illegal activity
• Enforce our terms and conditions

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such change.

6. International Data Transfers

Some of our service providers may be located outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by the UK ICO
• Transfers to countries with adequate data protection laws
• Ensuring service providers maintain equivalent data protection standards

7. Data Retention

We retain your personal data only for as long as necessary:

• Order data: 7 years (for tax and accounting purposes)
• Marketing data: Until you unsubscribe or request deletion
• Website analytics: Up to 26 months
• Customer service records: 3 years after last contact
• Account data: Until account deletion or 3 years of inactivity

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

8.1 Right to Access

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can ask us to correct inaccurate or incomplete data.

8.3 Right to Erasure

You can request deletion of your data (subject to legal obligations).

8.4 Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances.

8.5 Right to Data Portability

You can request your data in a structured, commonly used format.

8.6 Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

8.8 How to Exercise Your Rights

To exercise any of these rights, please contact us via our contact page. We will respond within one month. There is no charge unless your request is manifestly unfounded or excessive.

9. Cookies and Tracking

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience.

9.2 Types of Cookies We Use

• Essential cookies: Required for website functionality (shopping cart, security)
• Analytics cookies: Help us understand how visitors use our site
• Marketing cookies: Used to deliver relevant advertisements
• Preference cookies: Remember your settings and preferences

9.3 Managing Cookies

You can control cookies through your browser settings. Blocking essential cookies may affect website functionality. For analytics and marketing cookies, we obtain your consent before setting them.

10. Security Measures

We implement appropriate technical and organizational measures to protect your data:

• SSL/TLS encryption: For secure data transmission
• Secure payment processing: PCI DSS compliant payment providers
• Access controls: Limited access to personal data on a need-to-know basis
• Regular security audits: To identify and address vulnerabilities
• Staff training: All staff trained in data protection
• Incident response: Procedures for handling data breaches

11. Children's Privacy

Our website and products are not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately.

12. Marketing Communications

12.1 Email Marketing

We may send you marketing emails if:

• You have opted in to receive them
• You are an existing customer and we are marketing similar products (soft opt-in)

12.2 Unsubscribe

You can unsubscribe from marketing emails at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us directly
• Updating your account preferences

Note: You will still receive transactional emails (order confirmations, shipping updates) even if you unsubscribe from marketing.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.

14. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the UK Information Commissioner's Office (ICO) within 72 hours
• Inform affected individuals without undue delay
• Take immediate steps to mitigate any harm
• Conduct a thorough investigation

15. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will:

• Update the "Last Updated" date at the top
• Notify you of significant changes via email or website notice
• Continue to protect your data in accordance with UK GDPR

16. Contact Us

For privacy-related questions, concerns, or to exercise your data rights, please contact us:

• Via our contact page
• By email (address provided on contact page)

We aim to respond to all requests within one month.

17. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Tel: 0303 123 1113