Privacy Policy

Last Updated: October 30 2025

This Privacy Policy explains how XL Peptides (a trading name of Bio Research Ltd, Company No. 15464334) collects, uses, stores, and protects your personal information when you visit www.xlpeptides.com (the “Site”).

Registered Office: Foxhall Business Centre, 2 King Street, Nottingham, NG1 2AS
Email: info@xlpeptides.com

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data-protection laws.

1. Information We Collect

We collect and process the following categories of data:

(a) Information You Provide Directly

• Name, billing and shipping address
• Email address and phone number
• Payment details (processed securely by third-party providers)
• Account login details (if you create an account)
• Enquiry or support correspondence

(b) Information Collected Automatically

When you visit our Site we automatically collect:

• IP address and device information
• Browser type, operating system, and referring URLs
• Pages visited, time spent, and actions taken (via cookies and analytics)

(c) Cookies and Tracking Technologies

We use cookies to:

• Enable website functionality (shopping cart, login sessions)
• Measure site performance and user experience (Google Analytics / similar)
• Support marketing and remarketing campaigns

You can control or delete cookies through your browser settings. See Section 9 for more detail.

2. How We Use Your Information

We process your personal data only where lawful and necessary to:

1. Fulfil Orders – process payments, ship goods, provide invoices.
2. Provide Customer Support – respond to enquiries and service requests.
3. Improve Our Website – analyse usage to enhance performance and security.
4. Marketing Communications – send product updates or promotions only if you have opted in (you may unsubscribe at any time).
5. Legal and Compliance Purposes – maintain records required by HMRC, law enforcement, or regulators.

We do not sell or rent personal data to third parties.

3. Legal Bases for Processing

We rely on the following legal bases:

• Contract Performance – to process and deliver your order;
• Legitimate Interests – to prevent fraud, improve services, and secure our Site;
• Legal Obligation – to retain records for tax and accounting;
• Consent – for email marketing and optional cookies.

4. How We Share Data

We share personal data only when required to operate the business, with:

• Payment Processors (e.g., PayPal, Stripe, Worldpay) – secure transaction handling.
• Shipping Carriers (e.g., Royal Mail, FedEx, DPD) – to deliver your order.
• IT & Hosting Providers (Kinsta, WordPress, WooCommerce) – website operation.
• Analytics and Advertising Partners (e.g., Google Analytics, Meta Ads) – anonymised usage data.

All partners are contractually bound to handle your data safely and in accordance with UK GDPR.

5. Data Retention

We retain your data only as long as necessary to:

• Fulfil orders and comply with tax/legal obligations (typically 6 years);
• Maintain user accounts until you request deletion;
• Retain marketing data until you withdraw consent.

When no longer required, data is securely deleted or anonymised.

6. Your Data Protection Rights

Under UK GDPR you have the right to:

• Access a copy of your personal data;
• Request correction of inaccurate data;
• Request erasure (“right to be forgotten”);
• Restrict or object to processing;
• Withdraw consent at any time (for marketing or cookies);
• Data portability (receive your data in a structured format).

To exercise these rights, contact info@xlpeptides.com.
We may need to verify your identity before acting on your request.

7. Data Security

We use appropriate technical and organisational measures to safeguard your information, including:

• SSL encryption for all transactions;
• Secure password and account protocols;
• Restricted staff access on a need-to-know basis;
• Regular security monitoring and software updates.

Despite our efforts, no online system can guarantee absolute security; you use the Site at your own risk.

8. International Data Transfers

Your information may be processed outside the UK (e.g., by payment or hosting partners).
Where transfers occur, we ensure adequate safeguards such as UK Addendum to EU Standard Contractual Clauses or equivalent data-protection mechanisms.

9. Cookies Policy Summary

Cookies are small text files placed on your device.
We use:

• Essential Cookies – necessary for site operation (cannot be disabled).
• Performance Cookies – analytics and site optimisation.
• Marketing Cookies – only with your consent for remarketing or ads.

You can change cookie preferences anytime through the on-site Cookie Consent Banner or your browser settings.

10. Third-Party Links

Our Site may contain links to external websites.
We are not responsible for the privacy practices or content of those sites.
Please review their privacy policies before submitting any personal information.

11. Children’s Privacy

Our Site and products are not intended for individuals under 18 years of age.
We do not knowingly collect personal data from minors.
If you believe a minor has provided us with data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically.
The latest version will always be posted on this page with a revised “Last Updated” date.
Your continued use of the Site after changes indicates acceptance of the updated Policy.

13. Contact Information

If you have any questions, requests, or complaints regarding this Privacy Policy or your data, please contact:

📧 info@xlpeptides.com
🏢 Bio Research Ltd (trading as XL Peptides)
Foxhall Business Centre, 2 King Street, Nottingham, NG1 2AS

If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) via www.ico.org.uk.