This Privacy Policy explains how UK Peptides ("we", "us", "our") collects and uses personal data when you visit ukpeptides.online, place an order, contact us, or otherwise interact with us.
We process personal data in line with the UK GDPR and the Data Protection Act 2018.
1) Who is the data controller?
Data controller: UK PEPTIDES LIMITED (trading as "UK Peptides")
Address: 39 Malvern Avenue, Liverpool, England, L14 6TR
Email for privacy queries: support@ukpeptides.online
General support: support@ukpeptides.online
If we are required to appoint a Data Protection Officer (DPO), we will publish their contact details here.
2) What personal data we collect
A) Identity and contact data
- name
- email address
- telephone number (if provided)
B) Order and account data
- billing and shipping address
- order contents and order history
- account profile details (name, email, password hash, verification status, login timestamps)
- order-history linking between guest and account orders when emails match safely
- affiliate attribution data when a discount/affiliate code is used
- communications with our support team
C) Payment data
Payments are handled through bank transfer and/or Tide payment links. We store payment-status records and any payer/reference details you submit so we can verify payment manually. We do not store full card details.
D) Technical and usage data
- IP address
- device, browser, and operating system information
- pages visited and actions taken on the site
We use this data for security, fraud prevention, troubleshooting, and (with consent where required) analytics.
E) Cookies and similar technologies
We use cookies and similar technologies as described in our Cookie Policy.
3) How we collect personal data
We collect personal data when you:
- place an order or attempt to checkout,
- contact us through the contact form or email,
- interact with our emails, or
- use the site (through cookies, server logs, and similar technologies).
4) How we use your personal data and our lawful bases
We only use personal data where we have a lawful basis under UK GDPR. Key purposes include:
A) To process and fulfil orders (Contract)
create orders, verify payment submissions, deliver products, provide order updates, and handle returns/refunds.
B) To comply with legal obligations (Legal obligation)
- maintain transaction and accounting records,
- respond to lawful requests from regulators or law enforcement.
C) To protect our business and customers (Legitimate interests)
- fraud prevention and security monitoring,
- ensuring site stability and performance,
- preventing abuse of our services and enforcing our terms.
D) Analytics and performance (Consent, where required)
measuring site usage and improving the user experience.
E) Marketing communications (Consent or legitimate interests, depending on channel)
If you sign up to marketing emails, you can unsubscribe at any time using the link in the email. We do not send marketing emails unless we have a lawful basis to do so under PECR.
5) Who we share data with
We share personal data with trusted third parties only where necessary, such as:
- Payment processing: secure payment providers (to process payments and refunds)
- Email delivery: Resend (if enabled) or another email service provider
- Hosting/infrastructure: hosting provider and CDN
- Delivery: shipping carriers and fulfilment partners (where applicable)
- Analytics: analytics providers (only if enabled and consented, where required)
- Professional advisers: legal, accounting, and insurance advisers where necessary
All service providers are required to protect personal data and only process it under our instructions.
6) International transfers
Some service providers may process personal data outside the UK. Where that happens, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or other legally recognised transfer mechanisms.
7) Data retention
We keep personal data only as long as necessary for the purposes above, including legal, accounting, and reporting requirements.
In general:
- order/accounting records are retained for the period required by UK tax and company law (often up to 6 years), and
- support communications are retained for as long as needed to resolve queries and manage potential disputes.
8) Security
We use appropriate technical and organisational measures to protect personal data, including access controls and encryption in transit where supported. However, no online service can be guaranteed 100% secure.
9) Your rights
Depending on your circumstances, you have rights under UK GDPR, including the right to:
- be informed,
- access your personal data,
- rectification,
- erasure,
- restriction of processing,
- data portability, and
- object to processing.
To exercise your rights, contact us at support@ukpeptides.online. We may need to verify your identity.
10) Complaints
If you have a complaint, please contact us first and we will try to resolve it. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
11) Children
Our site and products are not intended for children. You must be 18+ to place an order.
12) Changes to this policy
We may update this policy from time to time. The latest version will always be posted on this page with an updated "Last updated" date.