Last Updated: 10 January 2026
This Privacy Policy explains how xr-peptides.com, a trading name of XR Biotech Ltd (Company Number: 17010979) (“we”, “us”, or “our”), collects, uses, stores, and protects personal data when you access or use www.xr-peptides.com (the “Site”).
We are committed to protecting your privacy and handling your personal data transparently and securely in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection legislation.
1. Data Controller
For the purposes of UK GDPR, the data controller is:
XR Biotech Ltd
Trading as: xr-peptides
Registered Office:
167–169 Great Portland Street
Fifth Floor
London
W1W 5PF
United Kingdom
Company Number: 17010979
Email: info@xr-peptides.co.uk
2. Personal Data We Collect
We may collect and process the following categories of personal data:
(a) Information You Provide Directly
When you place an order, create an account, contact us, or otherwise interact with the Site, we may collect:
- Full name
- Billing and delivery addresses
- Email address and telephone number
- Account login credentials (where applicable)
- Order details and transaction history
- Communications sent to us via email, forms, or customer support
Payment information is processed securely by third-party payment service providers. We do not store or process payment card details.
(b) Information Collected Automatically
When you use the Site, we may automatically collect:
- IP address
- Device identifiers
- Browser type and version
- Operating system
- Referring URLs
- Pages viewed, session duration, and interaction data
This information helps us operate, secure, and improve the Site.
(c) Cookies and Similar Technologies
We use cookies and similar technologies to:
- Enable essential website functionality (such as shopping carts and sessions)
- Analyse website usage and performance
- Support marketing and advertising activities (where consent is provided)
Further details are provided in Section 11.
3. Purposes for Processing Personal Data
We process personal data only where lawful and necessary, for the following purposes:
- Order Fulfilment – to process payments, dispatch products, and issue order confirmations and invoices
- Customer Support – to respond to enquiries, complaints, or requests
- Account Administration – to manage user accounts where applicable
- Website Operation and Security – to maintain, secure, and improve the Site
- Marketing Communications – to send updates or promotional materials where consent has been provided
- Legal and Regulatory Compliance – including compliance with HMRC, accounting, and legal obligations
We do not sell or rent personal data to third parties.
4. Lawful Bases for Processing
We process personal data under the following lawful bases as defined by UK GDPR:
- Performance of a Contract – where processing is necessary to fulfil an order or provide requested services
- Legitimate Interests – including fraud prevention, website security, service improvement, and business administration
- Legal Obligation – where processing is required by applicable law
- Consent – for marketing communications and non-essential cookies
Where consent is relied upon, you may withdraw it at any time.
5. Disclosure of Personal Data
We may share personal data with trusted third parties where necessary, including:
- Payment Service Providers (e.g. Stripe, PayPal)
- Delivery and Logistics Providers (e.g. Royal Mail, DPD, FedEx)
- IT, Hosting, and E-commerce Providers (e.g. website hosting, content delivery, Shopify)
- Analytics and Advertising Providers (e.g. Google Analytics, Meta Ads), typically using aggregated or anonymised data
All third parties are required to process personal data securely and in compliance with UK GDPR.
6. International Data Transfers
Some service providers may process personal data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including:
- UK Addendum to the EU Standard Contractual Clauses
- Adequacy decisions or equivalent lawful mechanisms
7. Data Retention
We retain personal data only for as long as necessary for its intended purpose, including:
- Transaction and accounting records – generally retained for up to six years
- Account information – retained until deletion is requested or the account is closed
- Marketing data – retained until consent is withdrawn
Data is securely deleted or anonymised when no longer required.
8. Your Data Protection Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Request correction of inaccurate or incomplete data
- Request erasure of your personal data
- Restrict or object to processing
- Withdraw consent at any time (where applicable)
- Request data portability
Requests should be sent to gdpr@xr-peptides.co.uk.
We may require proof of identity before responding.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- SSL encryption across the Site
- Restricted access to authorised personnel only
- Secure authentication controls
- Ongoing monitoring and system updates
While we take reasonable steps to protect data, no system can be guaranteed to be completely secure.
10. Children’s Data
The Site is intended for use by individuals aged 18 or over.
We do not knowingly collect personal data from children. If you believe a minor has provided personal data, please contact us immediately.
11. Cookies Policy (Summary)
We use the following types of cookies:
- Strictly Necessary Cookies – required for core Site functionality
- Performance Cookies – to analyse and improve Site performance
- Marketing Cookies – used only with your explicit consent
Cookie preferences can be managed at any time via the cookie consent banner or browser settings.
12. Third-Party Websites
The Site may contain links to third-party websites. We are not responsible for the content or privacy practices of external sites. Users should review the privacy policies of those websites independently.
13. Amendments to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date. Continued use of the Site constitutes acceptance of the revised policy.