Privacy Policy | Obsidian Sciences

Introduction

Obsidian Sciences (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website (obsidiansciences.co.uk) or place an order with us.

We are registered with the Information Commissioner’s Office (ICO). Our registration number is C1912701.

For the purposes of UK data protection legislation, the data controller is:

Obsidian Sciences
61 Bridge Street
Kington
HR5 3DJ
United Kingdom
Email: [email protected]

What Data We Collect

We may collect and process the following personal data:

Information you provide directly: When you place an order or create an account, we collect your name, email address, billing address, delivery address, phone number (if provided), and any order notes you submit.

Payment information: We do not store payment card details. Open banking payments are processed securely by our payment provider. Cryptocurrency payments are processed via Aurpay. We retain only a transaction reference and confirmation of payment for our records.

Technical data: When you visit our website, we may automatically collect your IP address, browser type and version, operating system, referral source, pages visited, and the date and time of your visit.

Compliance data: At checkout, we record your confirmation that you are over 18 years of age, that products are being purchased for in-vitro research use only, and that you have agreed to our terms and conditions. This data is stored alongside your order record.

How We Use Your Data

We use your personal data for the following purposes:

Order fulfilment: To process your order, arrange delivery, and communicate with you about your purchase including dispatch notifications and tracking information.

Legal compliance: To maintain records required by UK tax law (HMRC), to verify age at point of sale, and to maintain evidence of Research Use Only acknowledgement by purchasers.

Customer service: To respond to your enquiries and provide after-sales support.

Website operation: To administer and improve our website, ensure security, and analyse usage patterns to improve the user experience.

We do not use your data for automated decision-making or profiling. We do not sell, rent, or share your personal data with third parties for marketing purposes.

Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

Contract: Processing is necessary for the performance of a contract (your purchase order) or to take steps at your request prior to entering into a contract.

Legal obligation: Processing is necessary for compliance with UK tax law, consumer protection law, and regulatory requirements.

Legitimate interests: Processing is necessary for our legitimate interests in operating our business, preventing fraud, and improving our services, provided these interests do not override your fundamental rights and freedoms.

Who We Share Your Data With

We may share your personal data with the following categories of third parties, solely for the purposes described in this policy:

Delivery services: Royal Mail, for the purpose of delivering your order. We share your name, delivery address, and order reference.

Payment processors: Our open banking provider and Aurpay, for the purpose of processing your payment. These providers operate under their own privacy policies and data protection obligations.

Website hosting: Our hosting provider, for the purpose of operating our website. Your data is stored on servers located within secure data centres.

Tax authorities: HMRC, where required by law for tax reporting purposes.

We do not transfer your personal data outside the United Kingdom unless required by a service provider, in which case appropriate safeguards are in place in accordance with UK GDPR.

How Long We Keep Your Data

Order data: We retain order records (including name, address, email, order details, and compliance confirmations) for a minimum of 6 years from the date of the transaction, as required by HMRC for tax purposes.

Account data: If you create an account, your account information is retained until you request its deletion.

Technical data: Server logs and analytics data are retained for up to 12 months.

Enquiry data: Email correspondence is retained for up to 2 years unless it relates to an order, in which case it is retained alongside the order record.

Cookies

Our website uses cookies to enable essential functionality including maintaining your shopping basket, remembering login sessions, and processing checkout. These are strictly necessary cookies required for the website to function and do not require consent.

We do not use third-party advertising cookies or tracking cookies for marketing purposes.

Your Rights

Under UK data protection law, you have the following rights:

Right of access: You may request a copy of the personal data we hold about you.

Right to rectification: You may request that we correct any inaccurate or incomplete data.

Right to erasure: You may request that we delete your personal data, subject to our legal obligations to retain certain records.

Right to restrict processing: You may request that we restrict the processing of your data in certain circumstances.

Right to data portability: You may request that we provide your data in a structured, commonly used format.

Right to object: You may object to processing based on legitimate interests.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our website is secured with SSL/TLS encryption. Payment data is processed by PCI-compliant providers and is never stored on our servers.

Children

Our products are not intended for purchase by persons under 18 years of age. We do not knowingly collect personal data from anyone under 18. Age verification is required at checkout.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Telephone: 0303 123 1113

Contact Us

For any questions about this Privacy Policy or your personal data, contact us at: