1. Introduction

Power Peptides respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and the rights you have in relation to your personal data.

2. Information We Collect

We may collect and process the following types of personal data:

• Identity data: name and, if provided, title.
• Contact data: email address, billing address, delivery address.
• Order data: products purchased, order history, payment status.
• Account data: login credentials, account preferences.
• Technical data: IP address, browser type, device information and basic analytics data.
• Communication data: emails and messages sent to us, including support requests.
• Marketing data: mailing list subscription status and email engagement (via MailPoet).

3. How We Use Your Data

We process your personal data for the following purposes:

• To process and deliver your orders, including payment and shipping.
• To provide order confirmations, updates and customer support.
• To manage your account and login if you choose to create one.
• To send optional marketing communications, where you have opted in.
• To improve our website, products and customer experience.
• To detect and prevent fraud and secure our website.
• To comply with legal and regulatory obligations, including tax and accounting requirements.

4. Legal Bases for Processing (UK GDPR)

We rely on the following legal bases under UK GDPR to process your personal data:

• Contract: to process and fulfil your orders and provide related services.
• Legitimate interests: for site security, fraud prevention, customer service and business improvement.
• Consent: for email marketing and non-essential cookies, where you actively opt in.
• Legal obligation: to retain certain records for tax and accounting purposes.

5. Payment & Third-Party Service Providers

We use third-party providers to process payments and support our services. These may include, for example:

• Payment gateways such as Stripe and PayPal (including support for Visa, Mastercard, Apple Pay and Google Pay),
• MailPoet for email list management and marketing emails,
• Website hosting, security and backup providers.

These providers act as independent controllers or processors of your data and have their own privacy policies. Payment card details are handled securely by the payment gateway; we do not store full card numbers on our systems.

6. Data Retention

We retain personal data only for as long as is reasonably necessary for the purposes for which it was collected, including for satisfying any legal, regulatory, tax or reporting requirements.

• Order and transaction records are typically kept for up to 6 years to comply with legal obligations.
• Marketing data is retained until you unsubscribe or request deletion.
• Contact and support communications may be retained for up to 12 months.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to support website functionality and improve your experience. Essential cookies (for example, those that keep items in your cart or handle login sessions) are required for the site to function and are always active.

Non-essential cookies, such as analytics or marketing cookies, are only used where you have explicitly consented via our cookie banner. You can withdraw or adjust your cookie preferences at any time.

8. Data Sharing

We may share your personal data with trusted third parties solely for the purposes described in this policy, such as:

• payment processors,
• email and newsletter providers (e.g. MailPoet),
• courier and postal services for delivery,
• IT, hosting and security providers.

We do not sell your personal data to third parties.

9. International Transfers

Some of our service providers may store or process personal data outside of the UK. Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place, for example by using Standard Contractual Clauses or equivalent lawful mechanisms.

10. Your Rights

Under UK data protection law, you have the following rights in relation to your personal data:

• Access: to request a copy of the personal data we hold about you.
• Rectification: to request correction of inaccurate or incomplete data.
• Erasure: to request deletion of your data in certain circumstances.
• Restriction: to request that we limit the processing of your data.
• Portability: to request a copy of your data in a commonly used format.
• Objection: to object to processing based on legitimate interests or direct marketing.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at: support@powerpeptides.co.uk.

11. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration. This may include the use of secure connections (SSL), access controls, backups and security monitoring.

However, no method of transmission over the internet or electronic storage is completely secure, and absolute security cannot be guaranteed.

12. Complaints

If you have concerns about how your personal data is handled, please contact us first so we can try to resolve the issue: support@powerpeptides.co.uk.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Website: ico.org.uk

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the “Last Updated” date will be revised accordingly. We encourage you to review this page periodically to stay informed about how we protect your data.