Who We Are

This Privacy Policy explains how [LEGAL ENTITY NAME] collects, uses, stores, and shares your personal data when you visit our website, place an order, create an account, or contact us.

Personal Data We Collect

We may collect the following categories of personal data:

• Identity data — your name
• Contact data — billing and delivery addresses, phone number, and email address
• Account data — login details and account preferences
• Transaction data — products ordered, payment status, shipping information, refunds, and communications
• Technical data — IP address, browser type, device information, and site activity
• Marketing data — subscription choices and consent records
• Compliance data — risk indicators, sanctions screening results, and order verification information

How We Collect Data

We collect personal data in the following ways:

• Directly from you when you place an order, create an account, or contact us
• Automatically through cookies and similar technologies as you browse the site
• From third parties including payment providers, carriers, fraud prevention providers, analytics providers, and public records where relevant

Why We Use Your Data

We use your personal data to:

• Process and deliver your orders
• Create and manage your customer account
• Provide customer support
• Verify orders, reduce fraud, and protect our payment systems
• Comply with accounting, tax, legal, and regulatory obligations
• Improve website performance and security
• Send marketing communications where you have permitted this

Lawful Bases

Depending on the context, we rely on the following lawful bases for processing your data:

• Contract — processing necessary to fulfil your order or take steps before entering a contract
• Legal obligation — compliance with accounting, tax, and regulatory requirements
• Legitimate interests — fraud prevention, platform security, and business administration
• Consent — for certain cookies and electronic marketing where required by law

Marketing

We may send marketing communications where lawful. Where consent is required, we will ask for it clearly before sending. You can opt out at any time by clicking the unsubscribe link in any email or by contacting us directly.

Cookies

We use cookies and similar technologies for the following purposes:

• Essential — required for the website to function (e.g. your cart and session)
• Security — fraud prevention and bot detection
• Analytics — understanding how visitors use our site
• Marketing — where you have given consent

Where legally required, we will ask for your consent before placing non-essential cookies. You may also disable cookies through your browser settings, though this may affect site functionality.

Who We Share Data With

We may share your personal data with the following categories of recipients:

• Payment processors and financial institutions (including Authorize.net)
• Couriers, warehouses, and logistics providers
• IT, analytics, website, and security service providers
• Professional advisers, auditors, and insurers
• Regulators or law enforcement where legally required
• A buyer or investor in connection with a business sale, under appropriate safeguards

We do not sell your personal data.

International Transfers

Where personal data is transferred outside the UK or EEA, we use appropriate legal safeguards where required, such as adequacy decisions or approved standard contractual clauses.

Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including legal, tax, accounting, fraud-prevention, and dispute-resolution needs. Typical retention periods:

• Order and invoice records: [6–10 years depending on jurisdiction]
• Customer service records: [X years]
• Marketing suppression records: as long as needed to honour opt-outs
• Technical logs: [X months]

Your Rights

Depending on your location and applicable law, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request erasure of your data (subject to legal obligations)
• Restrict or object to certain processing, including direct marketing
• Request portability of your data
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at support@helixpeptides.eu. We will respond within 30 days. You also have the right to complain to the relevant supervisory authority — such as the ICO in the UK — if you believe your data has been handled unlawfully.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Payment data is handled via SSL-encrypted connections and processed by Authorize.net, a PCI-DSS compliant provider. No system can be guaranteed completely secure.

Children

Our website and products are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have done so, we will delete the information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised effective date. Continued use of the site after changes are posted constitutes your acceptance of the updated policy.