Privacy Policy

1. Introduction

This Privacy Policy explains how [Your Company Name] (“we”, “us”, “our”) collects, uses, and protects your personal data when you use this website or purchase products from us.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

[Your Company Name] is the data controller responsible for your personal data.

Contact details:
Email: [your email]
Address: [your business address]

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity Data: name, title

  • Contact Data: billing address, delivery address, email address, phone number

  • Financial Data: payment details (processed securely via third-party payment providers)

  • Transaction Data: details of products purchased and order history

  • Technical Data: IP address, browser type, device information

  • Usage Data: how you use our website

4. How We Collect Your Data

We collect data when you:

  • Place an order

  • Create an account

  • Contact us

  • Use our website (via cookies and analytics tools)

5. How We Use Your Personal Data

We use your data to:

  • Process and fulfil orders

  • Manage payments and deliveries

  • Communicate with you بشأن your orders

  • Provide customer support

  • Improve our website and services

  • Comply with legal obligations

  • Prevent fraud and misuse

6. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Contractual necessity – to fulfil your order

  • Legal obligation – to comply with applicable laws

  • Legitimate interests – to operate and improve our business

  • Consent – for marketing communications (where applicable)

7. Sharing Your Data

We may share your personal data with:

  • Payment processors

  • Delivery and courier companies

  • IT and website service providers

  • Professional advisers (legal, accounting)

  • Regulatory or law enforcement authorities where required

We ensure all third parties respect the security of your personal data.

8. International Transfers

If your data is transferred outside the UK, we ensure appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses.

9. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil the purposes we collected it for

  • Comply with legal, tax, and accounting requirements

10. Your Legal Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (“right to be forgotten”)

  • Object to processing

  • Restrict processing

  • Request data portability

  • Withdraw consent at any time (where applicable)

To exercise your rights, please contact us using the details above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse.

12. Cookies

Our website uses cookies to improve your experience and analyse usage.

For more information, please see our Cookie Policy.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact:

Email: hello@surreypeptides.co.uk