Privacy

Privacy & Data Protection Policy
1. Introduction
[Your Business Name] ("we," "us," or "our") is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data when you purchase agar plates, powders, and lab consumables from our website.
2. The Data We Collect
We collect and process the following information:
  • Identity Data: Name, title.
  • Contact Data: Billing address, delivery address, email, and telephone number.
  • Transaction Data: Details about payments and products you have purchased.
  • Technical Data: IP address, browser type, and usage data via cookies (for site functionality).
3. How We Use Your Data (Legal Basis)
We only use your data when the law allows us to. Most commonly:
  • Performance of a Contract: To process your order, deliver your lab supplies, and notify you of shipment status.
  • Legal Obligation: To keep financial records for HMRC tax purposes.
  • Legitimate Interests: To improve our website and provide customer support.
  • Consent: To send you marketing emails (only if you "opt-in" at checkout).
4. Data Sharing with Third Parties
We do not sell your data. We only share it with essential service providers:
  • Couriers: (e.g., Royal Mail, DPD, DHL) to deliver your agar plates.
  • Payment Providers: (e.g., Stripe, PayPal, Mollie) to securely process transactions. We do not store your full credit card details on our servers.
  • IT Support: Our Shopware hosting provider.
5. Data Retention
We keep your personal data for as long as necessary to fulfil the purposes we collected it for. By UK law, we must keep basic information about our customers (including Contact, Identity, and Transaction Data) for 6 years after they cease being customers for tax purposes.
6. Your Legal Rights
Under the UK GDPR, you have the right to:
  • Access a copy of the data we hold about you.
  • Rectify any incorrect information.
  • Erasure (the "right to be forgotten")—note that this may be limited by our need to keep tax records.
  • Withdraw Consent for marketing at any time.
7. Security
We have put in place appropriate security measures (including SSL encryption) to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.
8. Contact Details
If you have questions about this policy, please contact our Data Lead at: [Insert Your Email Address].