Privacy Policy

BUYRETA("we", "us", "our") operates the website at dev.buyreta.co.uk. This policy explains what personal information we collect when you visit the site or place an order, how we use it, who we share it with, and the rights you have under the UK GDPR, EU GDPR, and other applicable data-protection laws.

We collect the following categories of information:

• Account details— name, email address, and password hash when you create an account.
• Order & delivery details— billing and shipping address, phone number, items ordered, and order history.
• Payment details— processed directly by our payment providers (Stripe, PayPal, and bank-transfer partners). We do not see or store full card numbers.
• Communications— any messages you send us through the contact form, email, or other support channels.
• Technical & usage data— IP address, browser type, device information, referring URL, pages viewed, and approximate location (country level), collected through cookies and similar technologies.

We process your personal information to:

• Process and fulfil your orders, including shipping and returns.
• Operate your customer account and provide order history.
• Respond to your enquiries and provide customer support.
• Send transactional emails (order confirmations, dispatch notices, account-security messages).
• Send marketing emails about new products or promotions, where you have opted in. You can unsubscribe at any time using the link in any marketing email.
• Detect and prevent fraud, abuse, and other unauthorised use of the site.
• Improve our website, products, and services through aggregated analytics.
• Comply with our legal and regulatory obligations.

Our lawful bases for processing are contract performance (orders and accounts), legitimate interests (fraud prevention, service improvement), consent (marketing, non-essential cookies), and legal obligation (tax and record-keeping).

We use cookies and similar technologies to operate the site and understand how it's used:

• Strictly necessary cookies— session, cart, authentication, and security. The site cannot work without these.
• Analytics cookies— Google Analytics 4 helps us understand how visitors use the site so we can improve it. Data is aggregated and pseudonymous.
• Marketing cookies— Reddit Pixel and Klaviyo, where enabled, help us measure the effectiveness of marketing campaigns and (where you've consented) personalise communications.

You can refuse non-essential cookies through your browser settings or our consent controls where shown.

We share personal information with the following categories of recipients, only as needed to operate the service:

• Payment processors— Stripe, PayPal, and bank-transfer partners, to take payment securely.
• Shipping carriers— to deliver your order to the address you provide.
• Email and SMS providers— Resend and Klaviyo, to send transactional and marketing communications.
• Analytics providers— Google Analytics, Reddit, and Segment, to measure site performance and advertising.
• Hosting and infrastructure— Vercel, Cloudflare, and our backend hosting providers.
• Professional advisers and authorities— where required by law, regulation, or to enforce our terms.

We do not sell your personal information. Where any provider processes data outside the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or an adequacy decision.

We keep personal information for as long as needed for the purpose it was collected, and to meet legal, tax, and accounting requirements. Order and invoice records are typically retained for up to seven years. Marketing-list entries are kept until you unsubscribe. Account records are kept while your account is active; you can request deletion at any time (see “Your rights” below).

Under the UK GDPR and EU GDPR you have the right to:

• Access the personal information we hold about you.
• Have inaccurate information corrected.
• Have your information deleted, subject to legal exceptions.
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent where we rely on it (e.g. marketing).
• Lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, contact us at shop@dev.buyreta.co.uk.

We take reasonable technical and organisational measures to protect your personal information, including TLS encryption in transit, access controls, and vetted third-party providers. No system is perfectly secure, so we cannot guarantee absolute security — if you believe your account has been compromised, please contact us immediately.

Our products are sold for laboratory and research use only and are not intended for minors. We do not knowingly collect personal information from anyone under 18.

We may update this policy from time to time. The latest version will always be available at this URL with the “Last updated” date below. Material changes will be notified by email or a prominent notice on the site.

Questions about this policy or how we handle your information? Email shop@dev.buyreta.co.uk or use our contact form.