RS Bio Labs ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. By using our website or placing an order, you acknowledge that you have read and understood this policy.

1. Data Controller

RS Bio Labs is the data controller for personal data collected through this website. Contact us at info@rsbiolabs.com for any data protection enquiries.

2. Data We Collect

We may collect and process the following categories of personal data:

• Identity data: your name, as provided when ordering or subscribing.
• Contact data: email address, delivery address, phone number (if provided).
• Transaction data: details of orders placed, products purchased, prices paid.
• Payment data: processed entirely by Stripe — we do not see or store full card details.
• Technical data: IP address, browser type and version, pages visited, time spent on pages, referral source, collected via Google Analytics and cookies.
• Communications data: any messages sent to us via email or Telegram.
• Marketing preferences: whether you have subscribed to our mailing list and your consent choices.

We do not collect any special category data (e.g. health data, financial data beyond transaction details) and we do not knowingly collect data from individuals under 18.

3. How We Collect Data

• Directly from you: when you place an order, subscribe to our mailing list, or contact us.
• Automatically: via cookies and analytics tools when you browse our website.
• From third parties: Stripe may share limited transaction data with us for order fulfilment purposes.

4. How We Use Your Data

We use personal data for the following purposes:

• To process and fulfil your orders, including dispatching products and sending tracking information.
• To send order confirmation and transaction emails.
• To send marketing emails where you have given consent — you can unsubscribe at any time.
• To respond to your enquiries and provide customer support.
• To improve our website, products, and services using anonymised analytics data.
• To comply with legal obligations including HMRC record-keeping requirements.
• To detect and prevent fraud or misuse of our services.

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

5. Legal Basis for Processing

• Contract performance (Art. 6(1)(b)): processing orders requires use of your name, address, and contact details.
• Legitimate interests (Art. 6(1)(f)): improving our service, fraud detection, and security — balanced against your rights and freedoms.
• Consent (Art. 6(1)(a)): for marketing communications and non-essential cookies. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): for accounting, tax compliance, and regulatory requirements.

6. Cookies & Google Analytics

We use cookies to operate and improve our website. Cookies are small text files placed on your device. We use:

• Essential cookies: required for the website to function (e.g. session management). These cannot be disabled.
• Analytics cookies: Google Analytics (including Google Ads conversion tracking via gtag.js, ID: AW-18001922054) to understand how visitors use our site. These are only activated with your consent.

You can manage cookie preferences via the banner displayed on your first visit, or by clearing cookies in your browser settings. Withdrawing consent for analytics cookies will not affect your ability to browse or purchase.

For more information on how Google uses data from our site, see Google's Privacy Policy.

7. Third-Party Data Sharing

We share your data with the following trusted third parties, only to the extent necessary to operate our business:

• Stripe: payment processing. Your card details are provided directly to Stripe and never transmitted to or stored by us. See Stripe's Privacy Policy at stripe.com/gb/privacy.
• Royal Mail / courier partners: your name and delivery address are shared for order fulfilment.
• Email service provider: your name and email are stored to enable transactional and marketing email delivery.
• Google: anonymised analytics and advertising data via Google Analytics and Google Ads, subject to your cookie consent.

All third parties are contractually required to handle your data in accordance with UK GDPR. We do not transfer your data outside the UK or EEA without appropriate safeguards.

8. Data Retention

• Order data: retained for 7 years in line with HMRC accounting requirements.
• Marketing subscriber data: retained until you unsubscribe or request deletion.
• Support communications: retained for 2 years from last contact.
• Analytics data: retained in anonymised form per Google's data retention settings.

9. Data Security

We implement appropriate technical and organisational security measures to protect your personal data, including SSL/TLS encryption on all web traffic, access controls limiting who can view customer data, and use of PCI-DSS compliant payment processing. However, no internet transmission is 100% secure and we cannot guarantee absolute security.

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access: to request a copy of the personal data we hold about you.
• Right to rectification: to request correction of inaccurate or incomplete data.
• Right to erasure: to request deletion of your data where no legal obligation requires retention.
• Right to restrict processing: to request that we limit how we use your data in certain circumstances.
• Right to data portability: to receive your data in a structured, machine-readable format.
• Right to object: to object to processing for direct marketing at any time.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your rights have been breached.

To exercise any of your rights, email info@rsbiolabs.com. We will respond within 30 days of receiving your request.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our operations. We will notify email subscribers of material changes. The current version and its effective date are always displayed at the top of this page.

12. Contact & Complaints

For any privacy-related queries, please contact info@rsbiolabs.com. If you are not satisfied with our response, you have the right to contact the ICO at ico.org.uk.