NovaVitality Ltd – Privacy Policy

Privacy Notice

Last updated: 20th February 2026
NovaVitality Ltd
Website: https://novavitality.co.uk
Contact: [email protected]

1. Who We Are
NovaVitality Ltd (“we”, “us”, “our”) is a UK-registered distributor of research peptides, operating online at https://novavitality.co.uk.
Company Number: 16876356 | Registered Address: Blyth, UK

2. What Data We Collect
• Personal identification & contact details: Name, billing/shipping address, email address, phone number.
• Order data: Product purchased, batch, quantity, payment method, transaction details.
• Age Confirmation: Confirmation you are 18+ (required for research use products). We retain age confirmation records alongside order data for 6 years to evidence regulatory compliance.
• Account information: If you register for an account, password (hashed), purchase history.
• Marketing preferences: Newsletter opt-in/consent; WhatsApp communications opt-in/consent.
• Technical information: IP address, browser type, device details.
• Cookies: See our Cookie Policy.

3. Why We Collect Your Data
We collect your data to:
• Process and deliver your order.
• Communicate regarding your order or support requests.
• Create and manage your customer account.
• Provide age and research-use compliance checks.
• Maintain a legal audit trail for 6 years (UK REACH and tax compliance).
• Send you marketing/newsletter emails (if you opt in).
• Send order updates, shipping notifications, and research-related announcements via WhatsApp (if you opt in).
• Monitor site usage (analytics, with your consent).
• Meet our legal obligations and protect against fraud.

Marketing & Communications Consent:
• Email Marketing: We collect your email address through our website newsletter signup form. A separate checkbox for marketing communication is presented unticked by default. You can withdraw this consent at any time by clicking the “Unsubscribe” link in any email or emailing [email protected].
• WhatsApp Communications: During checkout, you may optionally opt in to receive order updates, shipping notifications, and research-related announcements via WhatsApp at the phone number you provide. This consent is separate from email marketing and can be withdrawn independently (see Section 8).

4. Lawful Basis for Processing
We process your data based on:
• Contractual necessity: To fulfil your orders and supply products.
• Legal obligation: To retain business/audit records for 6 years (Companies House, HMRC, UK REACH).
• Legitimate interests: To prevent fraud and ensure compliance.
• Consent: For sending you marketing emails, WhatsApp communications, and analytics/cookies not essential for the service.

Fraud Prevention & Security:
We monitor for suspicious ordering patterns and duplicate accounts to prevent payment fraud and ensure security. This includes analysing IP addresses and transaction history. We only retain this data while necessary to prevent fraud (typically 12 months), and we balance this against your privacy by only collecting the minimum data needed.

5. Data Retention
• Orders/transactions: 6 years (legal/regulatory requirement).
• Account data: While your account is active, and for up to 6 years after last transaction.
• Marketing consent (email): Until you unsubscribe or withdraw consent.
• WhatsApp consent: Until you opt out via reply “STOP”, email request, or account update.
• Contact form/support queries: Up to 12 months after closure, unless required for legal purposes.
• Cookies: See Cookie Policy for retention by type.

6. Who We Share Data With
We share your data with:
• Payment processors: To process payments securely.
• Shipping and delivery providers: To fulfil your orders.
• Email marketing provider: (e.g. Mailchimp) for the newsletter, only if you opt in.
• WhatsApp Business Platform (Meta Platforms, Inc.): To deliver optional WhatsApp messages, only if you explicitly opt in.
• Analytics providers: (with consent, e.g. Google Analytics)
• Regulatory authorities: If requested or required by law (e.g. HMRC, HSE, ICO).
• IT and security providers: To operate, back up, or secure our site and data.

Data Protection Agreements:
All third-party processors who handle your personal data have signed Data Processing Agreements with us, meeting UK GDPR Article 28 requirements. You can request copies of these agreements by emailing [email protected].

We never sell your data.

7. International Data Transfers
Some of your data may be transferred to and processed outside the UK:
• Stripe (payment processor): Processing in the US under Standard Contractual Clauses (Stripe’s Data Processing Addendum)
• Email marketing: May be stored in EU/US cloud infrastructure
• Analytics: Google Analytics processes data in the US under Google’s Data Processing Amendment
• WhatsApp/Meta Platforms: Data may be processed on servers in the US or other jurisdictions under Meta’s Standard Contractual Clauses and Data Processing Terms. See Meta’s Privacy Policy: https://www.whatsapp.com/legal/privacy-policy

We only transfer data to providers that have signed legally binding Standard Contractual Clauses with us or have received an adequacy decision. You can request copies of SCCs by emailing [email protected].

8. Your Rights
Under UK GDPR you have the right to:
• Access your personal data
• Rectify inaccurate data
• Request deletion (“right to be forgotten”) – subject to legal retention
• Restrict or object to processing
• Data portability (get your data in a common format)
• Withdraw consent (for marketing/cookies/WhatsApp) at any time
• Lodge a complaint with the ICO (ico.org.uk)

Withdrawing Consent:
You can withdraw marketing consent at any time by:
• Clicking the “Unsubscribe” link at the bottom of any marketing email
• Logging into your account and updating preferences
• Emailing [email protected]

Withdrawing WhatsApp Consent:
You can opt out of WhatsApp communications at any time by:
• Replying STOP to any WhatsApp message from us
• Emailing [email protected] with “Unsubscribe WhatsApp” in the subject line
• Contacting us via our website contact form

We will process your withdrawal within 48 hours. After opting out of WhatsApp, you will still receive essential order updates via email (required for contract fulfillment).

To exercise any of these rights, email: [email protected]

9. Cookies
We use the following cookie categories:
• Strictly Necessary: Required for security and functionality (cannot be disabled)
• Performance & Analytics: Track site usage with your consent
• Marketing: Used for targeted advertising with your consent
See our Cookie Policy for full details on each cookie and how to manage preferences.

Non-Essential Cookies (Requiring Consent)
• Google Analytics (performance analysis)
• Facebook Pixel (marketing optimisation)
See our Cookie Policy for full details.

10. Children
We do not knowingly collect or accept orders from anyone under 18.

11. Data Security & Breach Notification
We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, or disclosure. In the unlikely event of a data breach affecting your personal data, we will notify you and the ICO within 72 hours as required by law.

12. Changes
We will update this privacy notice if our practices change. Updates will appear on this page and be effective immediately. A version history is maintained with the date and summary of changes.

13. Data Protection Officer / Privacy Contact
For data protection enquiries or to exercise your rights, contact: [email protected]
Response timeframe: 30 days (extendable to 90 days for complex requests)

For any questions or to exercise your rights, contact:
[email protected]
NovaVitality Ltd (Company No: 16876356)