Privacy Policy
How we collect, use, and protect your personal data. Your privacy is taken seriously at every stage of our operation.
Last updated: June 2025 | This policy is compliant with UK GDPR and the Data Protection Act 2018.
1. Who We Are
SteroidShopUK operates at steroidshopuk.uk. We are the data controller for personal data collected through this website. For data protection queries, contact us via our Contact page.
2. What Data We Collect
| Data Type | When Collected | Purpose |
|---|---|---|
| Name and delivery address | At checkout | Order fulfilment and delivery |
| Email address | At checkout / account creation | Order confirmations, support communications |
| IP address | Website visit | Security, fraud prevention, analytics |
| Browser and device data | Website visit | Website performance optimisation |
| Order history | After purchase | Account management, customer support |
| Payment reference | After payment | Order reconciliation (no card data stored) |
We do not collect or store any payment card numbers. We do not store cryptocurrency private keys or sensitive financial data beyond the transaction reference needed for order reconciliation.
3. Legal Basis for Processing
We process your personal data under the following lawful bases (UK GDPR Article 6):
- Contract performance: Processing your name and address to fulfil your order
- Legitimate interests: Security monitoring, fraud prevention, website analytics
- Legal obligation: Where we are required by law to retain records
- Consent: Where you opt in to marketing communications (you may withdraw consent at any time)
4. How We Use Your Data
- To process and fulfil your orders
- To send order confirmation and despatch notification emails
- To respond to customer support enquiries
- To prevent fraudulent transactions
- To comply with our legal obligations
- To send marketing communications where you have given consent
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
5. Data Sharing
We share your data only where necessary:
- Royal Mail / delivery carriers: Name and delivery address for parcel despatch
- Hosting provider: Data is stored on UK-based servers subject to equivalent data protection standards
- Law enforcement: We comply with lawful requests from UK authorities
No data is transferred outside the UK/EEA without appropriate safeguards in place.
6. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Order records | 6 years | Legal obligation (tax and accounting records) |
| Delivery address | Duration of account + 1 year | Order fulfilment history |
| Email address | Duration of account | Account management |
| IP address logs | 90 days | Security monitoring |
| Marketing preferences | Until consent withdrawn | Consent-based |
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access: Request a copy of the data we hold about you
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data (subject to our legal retention obligations)
- Right to restriction: Request that we restrict processing of your data
- Right to portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests or for direct marketing
To exercise any of these rights, please contact us. We will respond within 30 days.
8. Cookies
This website uses cookies for essential functionality (shopping cart, session management) and optional analytics. You can manage cookie preferences through your browser settings. Essential cookies cannot be disabled as they are required for the website to function.
9. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- SSL/TLS encryption on all data transmissions
- User account passwords hashed with bcrypt
- Regular security updates and vulnerability monitoring
- Access controls limiting staff access to customer data
10. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
