Supplied for research purposes only. These peptides are laboratory reagents intended for qualified researchers and educational institutions. Not for human use, animal use, or clinical application.
Privacy Policy
Privacy Notice
Last updated: 27th November 2025
NovaVitality Ltd
Website: https://novavitality.co.uk
Contact: support@novavitality.co.uk
1. Who We Are
NovaVitality Peptides Ltd (“we”, “us”, “our”) is a UK-registered distributor of research peptides, operating online at https://novavitality.co.uk.
2. What Data We Collect
- Personal identification & contact details: Name, billing/shipping address, email address, phone number.
- Order data: Product purchased, batch, quantity, payment method, transaction details.
- Age Confirmation: Confirmation you are 18+ (required for research use products). We retain age confirmation records alongside order data for 6 years to evidence regulatory compliance.
- Account information: If you register for an account, password (hashed), purchase history.
- Marketing preferences: Newsletter opt-in/consent.
- Technical information: IP address, browser type, device details.
- Cookies: See our Cookie Policy.
3. Why We Collect Your Data
We collect your data to:
- Process and deliver your order.
- Communicate regarding your order or support requests.
- Create and manage your customer account.
- Provide age and research-use compliance checks.
- Maintain a legal audit trail for 6 years (UK REACH and tax compliance).
- Send you marketing/newsletter emails (if you opt in).
- Monitor site usage (analytics, with your consent).
- Meet our legal obligations and protect against fraud.
Marketing Consent:
We collect your email address through our website newsletter signup form. A separate checkbox for marketing communication is presented unticked by default. You can withdraw this consent at any time by clicking the “Unsubscribe” link in any email or emailing support@novavitality.co.uk.
4. Lawful Basis for Processing
We process your data based on:
- Contractual necessity: To fulfil your orders and supply products.
- Legal obligation: To retain business/audit records for 6 years (Companies House, HMRC, UK REACH).
- Legitimate interests: To prevent fraud and ensure compliance.
- Consent: For sending you marketing emails and analytics/cookies not essential for the service.
Fraud Prevention & Security:
We monitor for suspicious ordering patterns and duplicate accounts to prevent payment fraud and ensure security. This includes analysing IP addresses and transaction history. We only retain this data while necessary to prevent fraud (typically 12 months), and we balance this against your privacy by only collecting the minimum data needed.
5. Data Retention
- Orders/transactions: 6 years (legal/regulatory requirement).
- Account data: While your account is active, and for up to 6 years after last transaction.
- Marketing consent: Until you unsubscribe or withdraw consent.
- Contact form/support queries: Up to 12 months after closure, unless required for legal purposes.
- Cookies: See Cookie Policy for retention by type.
6. Who We Share Data With
We share your data with:
- Payment processors: To process payments securely.
- Shipping and delivery providers: To fulfil your orders.
- Email marketing provider: (e.g. Mailchimp) for newsletter, only if you opt-in.
- Analytics providers: (with consent, e.g. Google Analytics)
- Regulatory authorities: If requested or required by law (e.g. HMRC, HSE, ICO).
- IT and security providers: To operate, back up, or secure our site and data.
Data Protection Agreements:
All third-party processors who handle your personal data have signed Data Processing Agreements with us, meeting UK GDPR Article 28 requirements. You can request copies of these agreements by emailing support@novavitality.co.uk.
We never sell your data.
7. International Data Transfers
Some of your data may be transferred to and processed outside the UK:
- Stripe (payment processor): Processing in US under Standard Contractual Clauses (Stripe’s Data Processing Addendum)
- Email marketing: May be stored in EU/US cloud infrastructure
- Analytics: Google Analytics processes data in US under Google’s Data Processing Amendment
We only transfer data to providers that have signed legally binding Standard Contractual Clauses with us or have received an adequacy decision. You can request copies of SCCs by emailing support@novavitality.co.uk.
8. Your Rights
Under UK GDPR you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request deletion (“right to be forgotten”) – subject to legal retention
- Restrict or object to processing
- Data portability (get your data in a common format)
- Withdraw consent (for marketing/cookies) at any time
- Lodge a complaint with the ICO (ico.org.uk)
Withdrawing Consent:
You can withdraw marketing consent at any time by:
- Clicking the “Unsubscribe” link at the bottom of any marketing email
- Logging into your account and updating preferences
- Emailing support@novavitality.co.uk
We will process your withdrawal within 48 hours.
To exercise any of these rights, email: support@novavitality.co.uk
9. Cookies
We use the following cookie categories:
- Strictly Necessary: Required for security and functionality (cannot be disabled)
- Performance & Analytics: Track site usage with your consent
- Marketing: Used for targeted advertising with your consent
See our Cookie Policy for full details on each cookie and how to manage preferences.
Non-Essential Cookies (Requiring Consent)
- Google Analytics (performance analysis)
- Facebook Pixel (marketing optimisation)
See our Cookie Policy for full details.
10. Children
We do not knowingly collect or accept orders from anyone under 18.
11. Data Security & Breach Notification
We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, or disclosure. In the unlikely event of a data breach affecting your personal data, we will notify you and the ICO within 72 hours as required by law.
12. Changes
We will update this privacy notice if our practices change. Updates will appear on this page and be effective immediately. A version history is maintained with the date and summary of changes.
13. Data Protection Officer / Privacy Contact
For data protection enquiries or to exercise your rights, contact: support@novavitality.co.uk
Response timeframe: 30 days (extendable to 90 days for complex requests)
For any questions or to exercise your rights, contact:
support@novavitality.co.uk
NovaVitality Ltd (16876356)
