Privacy Policy

1. Overview

Kingston Peptides ("Company," "we," "us," "our," "Data Controller") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes our policies and practices regarding the collection, use, disclosure, processing, transfer, storage, retention, and protection of personal information when you visit our website, create an account, communicate with us, or purchase products from us.

By using our website and services, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the website or use our services.

This Privacy Policy applies to all visitors, users, and customers of our website and is designed to comply with applicable data protection laws and regulations, including but not limited to the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

At Kingston Peptides, we are committed to protecting your privacy and ensuring the security of your personal information. We collect only the information necessary to provide our services and maintain transparency about our data practices. We implement industry-standard security measures and comply with applicable data protection laws including GDPR.

UK & EU GDPR Compliance: We comply with both the UK General Data Protection Regulation (UK-GDPR) and the EU General Data Protection Regulation (EU-GDPR). Following Brexit, the UK maintains its own independent GDPR regime which is substantially similar to the EU version. Our privacy practices meet the requirements of both regulatory frameworks.

Research Context: All products supplied by Kingston Peptides are intended for research purposes only. Your personal information is processed solely for the purpose of fulfilling research orders and providing customer support. We do not use your personal information for any research or experimental purposes without your explicit consent.

2. Definitions

• "Personal Information" / "Personal Data": Any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including but not limited to name, email address, postal address, phone number, and payment information.
• "Processing": Any operation or set of operations performed on Personal Information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
• "Data Controller" / "Controller": The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
• "Data Processor" / "Processor": A natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.
• "Sensitive Personal Information": A special category of Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.

3. Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide to us when you interact with our website and services:

• Order Information: Shipping address, email address, billing details, product selections, order history, and transaction records.
• Communication Data: Messages sent to customer support, inquiries, feedback, and correspondence records.
• Institutional Information: Organization name, institutional credentials, tax identification numbers, and verification documents (for institutional customers only).

3.2 Information Collected Automatically

When you access our website, we may automatically collect certain technical information:

• Device Information: Browser type and version, operating system type and version, device type, screen resolution, and device identifiers
• Usage Data: Pages visited, time spent on pages, referring URL, click patterns, navigation paths, and interaction data
• IP Address: Internet protocol address for security, fraud prevention, and compliance purposes
• Cookies & Tracking Technologies: Session identifiers, preference settings, and authentication tokens
• Location Data: General geographic location derived from IP address (country/city level, NOT precise GPS location)

3.3 Information from Third Parties

We may receive information about you from third parties, such as shipping carriers (for delivery confirmation and tracking), payment processors (for transaction verification), blockchain networks (for cryptocurrency payment confirmation), and publicly available sources (for institutional account verification). We only accept such information from parties we reasonably believe have the legal right to share it.

4. How We Use Your Information

We use the information we collect for the following legitimate business purposes:

4.1 Service Delivery

• Process, fulfill, and deliver your orders
• Ship products to your specified address
• Provide order confirmations, shipping notifications, and tracking information
• Maintain your email and provide customer support

4.2 Communication

• Respond to your inquiries and support requests
• Send important notices about service changes, policy updates, or security alerts
• Provide technical support and product-related assistance
• Send transactional emails related to your account or orders

4.3 Security, Compliance & Legal

• Prevent fraud, unauthorized access, security breaches, and other illegal activities
• Verify customer identity, eligibility, and qualifications
• Comply with applicable legal and regulatory requirements
• Enforce our Terms of Service and other agreements
• Protect our rights, privacy, safety, and property, and that of our customers

5. Legal Basis for Processing

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar data protection laws, our processing of your personal data is based on one or more of the following legal grounds:

1. Consent: Where you have given clear, informed, and freely given consent to process your personal data for a specific purpose.
2. Contract Performance: Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
3. Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
4. Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

6. Information Sharing & Disclosure

We do NOT sell, rent, trade, or share your personal information with third parties for their marketing purposes. We do NOT monetize your personal data. Your information is used solely for the purposes described in this Privacy Policy.

We may share your information only in the following limited circumstances:

• Service Providers: With third-party vendors and contractors who perform services on our behalf (e.g., shipping carriers, payment processors, cloud hosting providers, email services) under strict contractual obligations to protect your information and use it only for the purposes we specify.
• Legal Requirements: When required by law, regulation, legal process, governmental request, or court order, including in response to lawful requests by public authorities.
• Protection of Rights: To protect and defend our rights, privacy, safety, or property, and/or that of our customers, users, or others.
• Business Transfers: In connection with any merger, acquisition, reorganization, sale of assets, financing, or similar transaction, provided the acquiring entity agrees to honor this Privacy Policy.
• With Your Consent: When you have given explicit, informed consent for the specific sharing.

Third-Party Service Providers

We share your personal information with the following categories of service providers who assist us in operating our business:

• Payment Processors: Payment processors to process transactions
• Shipping Providers: Delivery services to fulfill your orders
• IT Services: Cloud hosting and email services
• Professional Advisors: Legal, accounting, and regulatory compliance services

All service providers are contractually bound to protect your personal information and may only use it to provide services to us.

7. Data Security

We implement robust technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and in any event within 72 hours of becoming aware of the breach, where feasible. We will also notify the Information Commissioner's Office (ICO) in the UK and/or relevant supervisory authorities in the EU within the same timeframe. If we determine that a breach is unlikely to result in a risk to your rights and freedoms, we may not notify you but will document our decision internally.

While we use commercially reasonable efforts to implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements:

• Order Information: 7 years (Tax & legal compliance)
• Account Information: Until deletion or 3 years inactive (Service provision)
• Communication Records: 2 years (Customer support)
• Security Logs: 1 year (Security monitoring)

Upon expiration of the retention period, we securely delete or anonymize your personal information in accordance with our data destruction procedures.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access & Portability: Request a copy of your personal information in a portable, machine-readable format
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion (Erasure): Request deletion of your personal information (subject to legal requirements)
• Opt-Out / Restriction: Opt out of marketing communications or restrict processing in certain circumstances
• Objection: Object to processing based on legitimate interests or for direct marketing
• Data Portability: Receive your data in a structured, commonly used, machine-readable format

To exercise any of these rights, please contact our Data Protection Officer at:

Data Protection Officer: Email: privacy@kingstonpeptides.com

Automated Decision-Making

We do not use fully automated decision-making that produces legal effects concerning you or similarly significantly affects you. All decisions regarding your account, orders, or service access involve human review where appropriate. You have the right to express your point of view and contest any automated decision.

10. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to improve your experience, analyse usage, and assist in our marketing efforts. You can control which cookies are set through your browser settings or our cookie consent banner.

Cookie Types We Use:

• Essential Cookies: Required for the website to function (shopping cart, checkout). These cannot be disabled.

For more information, please see our separate Cookie Policy (see Section 10 below).

11. Third-Party Links & Services

Our website may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices, data collection, or content of those third parties. We encourage you to review the privacy policies and terms of service of any third-party sites you visit. This Privacy Policy applies only to information collected by us through our website and services.

12. Children's Privacy

Our services are not intended for children under the age of 13 in the UK or under the age of 16 in the European Union. We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

13. International Data Transfers

Your personal information may be transferred to and processed in countries outside the UK and European Economic Area (EEA). Where we transfer data to countries without an adequacy decision, we ensure appropriate safeguards are in place.

• Standard Contractual Clauses (SCCs): We use European Commission-approved standard contractual clauses to ensure your data is protected to UK/EU standards.
• UK International Data Transfer Agreement (IDTA): For transfers from the UK, we use the UK government's approved IDTA.
• Adequacy Decisions: We rely on European Commission adequacy decisions where available.

You have the right to request further information about the safeguards we use for international transfers by contacting our Data Protection Officer.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also provide additional notice through email or prominent website notice. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

15. Contact Us

If you have questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

Kingston Peptides Data Protection Officer: Email: privacy@kingstonpeptides.com

Supervisory Authority: If you are located in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable data protection laws.