1. Who we are
Orvion is the data controller for the personal data described in this policy. Contact us at privacy@peptideslabuk.com.
2. Data we collect
- Identity and contact data — name, email, billing and shipping address, phone, organisation / institution.
- Order data — products purchased, prices, order history, currency selected, communications about your orders.
- Payment data — handled by our payment processors (Stripe, PayPal, etc.). We receive a token, last-four digits, and card brand. We never store full card numbers.
- Technical data — IP address, device type, browser, referrer, pages viewed, cookies, approximate location derived from IP.
- Marketing data — your subscription status, opens, clicks, and preferences for our research mailing list.
- Eligibility confirmations — your acknowledgement that you are a qualified researcher and that products are for laboratory use only.
3. How we use your data and our lawful basis
- Contract — to process orders, take payment, ship products, and provide customer support.
- Legal obligation — to keep tax, accounting, and regulatory records, and to respond to lawful requests from authorities.
- Legitimate interests — to operate, secure, and improve the site, prevent fraud, screen orders for misuse, and conduct analytics.
- Consent — for marketing emails and non-essential cookies. You can withdraw consent at any time.
4. Cookies and similar technologies
We use strictly-necessary cookies for site functionality (cart, age-gate, currency, session). With your consent, we also use analytics and marketing cookies to understand usage and measure campaigns. You can manage cookies via your browser or our cookie banner.
5. Sharing your data
We share personal data only with:
- Payment processors (Stripe, PayPal, etc.) to take and reconcile payments.
- Shipping carriers and fulfilment partners to deliver your order.
- Analytics, email, and hosting providers acting as our processors under written contract.
- Professional advisers (lawyers, accountants) and authorities where required by law.
- An acquirer or successor entity in the event of a sale, merger, or restructuring.
We do not sell your personal data.
6. International transfers
Some of our processors are located outside the UK / EEA. Where this is the case, we rely on UK / EU adequacy decisions or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, with appropriate safeguards.
7. Retention
- Order, tax, and accounting records: 6 years from the end of the relevant tax year.
- Customer-support correspondence: up to 3 years.
- Marketing data: until you unsubscribe, then suppressed permanently to honour your opt-out.
- Server logs and analytics: up to 26 months.
8. Your rights
Under UK GDPR you may request to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data (subject to our legal-retention obligations).
- Restrict or object to processing, including direct marketing.
- Receive a copy of your data in a portable format.
- Withdraw consent at any time, without affecting prior lawful processing.
Email privacy@peptideslabuk.com to exercise any right. You may also complain to the UK Information Commissioner's Office (ico.org.uk).
9. Security
We use TLS encryption in transit, encrypted storage at rest, access controls, and PCI-DSS-compliant payment processors. No system is perfectly secure; please use a strong, unique password and notify us immediately if you suspect any compromise of your account.
10. Children
This site is not directed at anyone under 21. We do not knowingly process data from minors.
11. Changes
We may update this policy from time to time. Material changes will be flagged on the site or by email where we hold a current address.
12. Contact
Privacy questions: privacy@peptideslabuk.com.