Privacy Policy

• Identity Data includes first name, last name, any previous names, username or similar identifier, marital status, title, date of birth and gender.
• Contact Data includes billing address, delivery address, email address and telephone numbers.
• Financial Data includes bank account and payment card details.
• Transaction Data includes details about payments to and from you and other details of products you have purchased from us.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.
• Profile Data includes purchases or orders made by you, your interests, preferences, feedback and survey responses.
• Usage Data includes information about how you interact with and use our website and products.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

4. How do we collect your personal data, what do we collect and what do we do with it?

We have set out below the personal data we may collect from you during your use of our website. and how this is used by HydroPeptide.

How and what personal data do we collect?	What do we do with it and why?
We collect your full name, gender, delivery address, billing address, email address, phone number and date of birth (should you choose to provide it) when you make a purchase via our website and/or register for an account with us.	register your account with us if you wish us to do so, store your details so it is easier for you to order on your next visit process and deliver any orders you place with us send you updates about our web-services (including updates to our terms and policies) to send our latest information and news to you by email, SMS and/or post (unless you specifically tell us you do not want us to) we may share your name, email address or phone number with the social media sites on which we present our adverts to check whether you use that social media site and (if you do) to present adverts for our products to you on that site. When we share your email address in this way, we always share a hashed version of your email address (which means the full address is not available to the social media site).
We collect your credit/debit card details when you make a purchase via our website.	to process your purchase. to comply with our legal and regulatory obligations.
We collect your date of birth when you make a purchase via our website (but only if you choose to provide this to us)	to tailor the messages we send to you based on what we think will be of interest to you based on your age. to provide you with discounts and offers on or around your birthday (unless you specifically tell us that you do not want us to).
We collect your full name, email address, telephone number and postal address (unless you choose not to provide such information to us) when you create an account/register to receive our latest news and information.	to store this on our internal database and, unless you tell us you do not wish to receive messages from us, to ensure you receive all the latest news and information about our new product releases, offers, discounts and events to your preferred contact method(s).
If you make a purchase via our website, details of your shopping history, including spending data, types of orders and frequency of orders.	to analyse your shopping patterns compared to other customers (although we will aggregate your personal data before we use it for this purpose). to tailor the messages we send to you based on your shopping history.
The fact you have visited our website and the products you have viewed, which may be collected via online identifiers such as cookies, tags and pixels.	to share this information with social media sites (such as Facebook and Instagram) on which we publish adverts, to enable them to display advertising relevant to your interests.
Your name, email address, social media handle and any other information that you include in your message/comment when you send us a message with a comment or question on our website, by post, email, phone or on any of our social media pages (Facebook, Twitter, Instagram, Pinterest or YouTube).	to deal with your comment/question and to contact you about this, if necessary. if the comment/message is in relation to a social media competition, to enter you into the competition.
Your name, email address, social media handle and any other information you provide to us when you take part in any competition we operate on our website or any of our social media sites.	to enter you into the competition to send you details of our products, offers and events which we think will be of interest to you by email, SMS and/or post (unless you specifically tell us that you do not want us to).
Technical information about your computer, tablet or phone (including your IP address, screen resolution, browser type, operating system software type and device type).	to enable you to store your preferences on your device (so you can, for example, save your login details, your preferred language and preferred currency) to improve our website, services marketing and customer relationships so our website is easier for you to use. to analyse your location to understand how best to provide advertising campaigns to you.
Other technical information about your computer, tablet or phone (including your IP address, screen resolution, browser type, operating system software type and device type).	to administer and protect our website through troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data.
If you are a business customer, we may obtain your name and contact details from publicly available sources, such as Google and LinkedIn.	To contact you about our business, products and services.

 

We may also collect, use and share aggregated data such as statistical or demographic data. Aggregated data could be derived from your personal data but is not considered “personal data” under UK law, as it does not directly or indirectly reveal your identity. For example, we may aggregate the data relating to your location and product purchase history to establish where specific products may be more popular. We will then use this data to improve our website, tailor our marketing strategy towards you and help us stock products we think you will like.

 

5. How we use your personal data and the lawful basis for what we do with it

We will never use your personal data unlawfully. We are required to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

We have set out below our legal basis for the various ways we rely on to do so, we have identified our legitimate interest where appropriate.

 

Our use of your personal data	Type of data	Our legal basis
To register you as a new customer, including Creating and maintaining your account.	Identity   Contract	Performing our contract with you and creating and maintaining your account.   Some of this information will also be required for legal obligations such as fraud prevention.
Processing and delivering orders to you including: Managing payments, fees and charges Collect and recover money dealing with returns refunds customer service queries.	Identity   Contract   Financial   Transaction   Marketing and Communications	Performance of our contract with you (we need to do this to provide our products to you).   Necessary to comply with legal obligation.   Necessary for our legitimate interest to keep records updated and manage our relationship with you,   Some of this information will also be required for legal reasons such as fraud prevention and for our legitimate interests of defending against any claims made against us.
To manage our relationship with you including: Sending you details of our products, offers and events by email, SMS and/or post. Notifying you about changes in our terms or privacy policy Dealing with your requests complaints or queries Dealing with your comments/questions (where these are not related to a specific order).	Identity   Contact   Profile   Marketing and Communications	Performance of our contract with you.   Necessary to comply with legal obligations.   Necessary for our legitimate interest of communicating with our customers to tell you about our new products, offers, events and competitions and for the purpose of growing and expanding our business and to ensure we provide the best possible customer service
To deliver relevant website content and online advertisement to you including; Creating a profile of you based on your shopping habits, purchase history, location and, if relevant, date of birth. Displaying our products and offers we think will be of interest to you on our site and third party sites (including your social media accounts).	Identity   Contact   Profile   Usage   Technical   Marketing and Communications	Necessary for our legitimate interests of ensuring that we are targeting our customers effectively which means that you do not receive news and information we don’t think that you would be interested in and so we can ensure that we are creating the best possible experience for our customers, so they keep coming back to us.
Improving and securing our website, including; Troubleshooting, Data analysis Testing System maintenance Support Reporting Hosting of data	Identity   Contact   Technical	Legal requirement of preventing fraud.   Necessary for our legitimate interests for running our business and ensuring that our website works effectively, is secure and reflects our customers’ browsing habits.
To enable you to partake in a prize draw, competition or complete a survey	Identity   Contact   Profile   Usage   Marketing and Communications	Performance of our contract with you (we need to use the information to enter you into our competition and tell you if you have won).   Necessary for our legitimate interest to study how customers use our products /services to develop them and grow our business.

 

6. Cookies

For more information about the cookies, we use and how to change your cookies preferences, see our Cookies Policy.

7. Marketing

Where you have made a purchase from our website or created an account with us, we want to make sure that you are kept up to date with all our latest products, events and offers and therefore, unless you specifically tell us you do not want to receive these message we will send you messages by email, SMS and/or post. We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.

You can ask us to stop sending you marketing communications at any time by “opting out” or contacting us at info@hydropeptide.co.uk. If you opt out of receiving marketing communications, you will still receive service- related communications that are essential for administrative or customer service purposes, for example, relating to order confirmations for a purchase.

8. Sharing of Personal Data

We do not sell your personal data to any third parties. We may share your personal data with our carefully selected third party service providers who help us provide our services to you, including:

• Our logistics/warehouse service provider.
• Our couriers and similar delivery companies.
• Our e-commerce platform, Shopify.
• Our payment providers, such as Shopify/Stripe.
• Our professional partners, including our marketing agencies (such as Klaviyo) and website hosts and designers.
• Our IT and technical service providers.
• Social media platforms on which we publish adverts.

In certain circumstances we may also need to share your personal data with our professional advisors including our legal advisers, bankers, auditors, insurers and other regulators (including HM Revenue & Customs). Additionally, we may also need to share your personal data with any third party to who we choose to sell, transfer or merge any part of our business or our assets to/with. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to use your personal data for specified purposes and in accordance with our instructions. 

9. International Transfers

Given the international nature of our business, your personal data may be transferred and accessed in a country outside of your country of residence, this will include the following:

• your personal data may be transferred to our group companies based in the US, who need to access the personal data to provide support services to us;
• we use Shopify as our e-commerce platform and its servers are located in the US, Canada and Ireland. This means that certain of your personal data may be stored on servers outside the UK;
• we may use marketing agencies who store personal data outside of the UK. For example, Klaviyo stores personal data in the US;
• our payment processor may store personal data in the US.
  

We ensure that all transfers of personal data outside of the UK are carried out in accordance with data protection laws, including by ensuring the relevant country is the subject of an adequacy decision or, if not, entering into an international data transfer agreement or addendum (or equivalent). 

We will only transfer your personal data to countries that have been deemed by the UK to provide an adequate level of protection, For full details of the countries to which we may transfer your personal data, and the measures we have in place to protect our personal data, are available on request. 

10. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed, used, or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors, sub-contractors and other third parties who have a business need to know such information. These parties will only process your personal data on our direct instructions and they will be bound to a duty of confidentiality and must afford the same security measures as set out in this privacy policy.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We protect your personal data in the following ways:

• We will not request information which is excessive for our purposes, as outlined above.
• We try, with your assistance, to keep any information we hold about you up to date and accurate.
• We anonymise information where we do not require personally identifiable information for the purpose for which it is used.
• We follow strict security procedures in the storage and disclosure of information that you have given to us to prevent unauthorised access.
• We have appropriate written agreements in place with those advertisers and third-party technical providers (listed above) with which we may share any information submitted by you.
• We utilise Shopify’s e-commerce platform to ensure that our online store is secure. Details of Shopify’s security measures are available here https://www.shopify.com/security.

Unfortunately, the transmission of information via the internet is not completely secure. Although we try our best to keep your personal data secure, we cannot guarantee the security of your personal data transmitted from our website; any transmission is at your own risk. 

Our website may include links to third-party websites and apps. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of the websites that you visit.

11. How long will we keep your information for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, auditing or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, accounting or other requirements.

By law we have to keep basic information about our customers for six (6) years after they cease to be a customer. We will retain your name, email address, delivery and billing address(es), phone number, payment details and details of your purchase for up to seven years following your purchase.

We will retain your name, email address, delivery and billing address(es), phone number, date of birth, and purchase history for such time as you continue to hold an account with us and for six months afterwards (note that, if you’ve made a purchase from us, we may continue to hold certain of your personal data for a longer period, as set out above). 

We will retain our correspondence with you whether ascertained through our website or any of our social media platforms for up to six years following the date of such correspondence.

We will retain details of your purchasing and browsing habits, and any technical information we collect about you, for up to twelve months following the date of collection.

Where you choose to receive our latest news, products and offers, we will keep your contact details (generally your email address, phone number and/or address) for such time as you wish to continue to receive such updates from us. Alternatively, you can choose to “opt-out” and stop receiving marketing emails by contacting us using the details provided. 

12. Your legal rights 

Dependent upon the circumstances, you may have certain rights in respect of your personal data under data protection laws These include: 

• a right to be informed about the collection and use of the personal data we hold about you and request correction of any personal data we hold about you. This enables you to have incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy if the new data you provide to us;
• a right of access to a copy of the personal data (commonly known as a “subject access request”)  we hold about you. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
• a right to object to processing that is likely to cause or is causing damage or distress to you and where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of the data (including carrying out profiling based on our legitimate interests.) In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object;
• the right to object to our processing of your personal data for direct marketing purposes, see above for details on how to object to receiving direct marketing communications;
• a right to object to decisions being taken by solely automated means. This enables you to request human review of decision that are made without any human involvement and to challenge outcomes that may significantly affect you ;
• a right in certain circumstances to have information transferred to you or a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly-used, machine readable format. Note this right only applies to automated information which you initially provided consent to use or where the information is to perform a contract with you;
• a right in certain circumstances for the personal data we hold about you to be erased. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your data unlawfully or where we are required to erase your personal data to comply with local law. Note however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
• a right in certain circumstances to withdraw your consent to the processing of your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
• a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed. This enables you to ensure that the personal data we hold for you is accurate and where appropriate, removed or restricted from use. 

If you wish to exercise any of the rights set out above, please contact us at info@hydropeptide.co.uk. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated. 

You will not be charged a fee to access your personal data or to exercise any of the above rights.

You have the right to complain in respect of our use of your personal data. If you are a UK resident, your complaint would normally be addressed to the Information Commissioner’s Office (‘ICO’) (https://ico.org.uk/) Please contact us before you escalate your complaint, the ICO will expect you to have done so before reviewing your complaint

13. Contacting us

Questions, comments and requests regarding this privacy policy or use of your personal data are welcome and should be addressed to HydroPeptide Limited, Camburgh House, 27 New Dover Road, Canterbury, Kent, UK CT1 3DN or emailed to info@hydropeptide.co.uk.

14. Changes to this Policy

We keep our privacy policy under regular review and  may change this policy from time to time to reflect how we are processing your personal data. Any changes we make to our privacy policy in the future will be posted on this website and notified to you the first time you access our website following such change, or we will contact you directly. 

15. Third-party links 

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.