Privacy Policy

How we collect, use, and protect your personal information.

Last updated: May 2026

1. Who We Are

This privacy policy applies to SteroidShop.co.uk, a UK-based online retailer operating at https://steriodshop.co.uk. We are the data controller for your personal information. For any privacy-related queries, contact us at support@steriodshop.co.uk.

2. What Data We Collect

We collect the following categories of personal data:

Account & Order Data: name, email address, billing and shipping address, telephone number (if provided), and order history. Payment card details are processed securely by our payment gateway provider and are never stored on our servers.

Browsing Data: We collect information through cookies and similar technologies, including pages visited, time spent on site, referring URL, browser type, device type, and IP address.

Communication Data: Any messages, enquiries, or correspondence you send us via email or our contact form.

3. Legal Basis for Processing

We process your personal data under the following lawful bases as defined in the UK GDPR:

Contract Performance: Processing your order, managing your account, and providing customer support.

Legitimate Interest: Improving our website and services, preventing fraud, and conducting internal analytics.

Consent: Sending marketing communications (where you have opted in) and setting non-essential cookies.

Legal Obligation: Retaining financial records as required by UK tax law.

4. How We Use Your Data

We use your personal data to: process and fulfil your orders, send order confirmations and dispatch notifications with tracking information, respond to customer support enquiries, improve our website functionality and user experience, detect and prevent fraudulent activity, and comply with our legal and regulatory obligations. We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

5. Data Sharing

We share your personal data only with the following categories of recipients, and only to the extent necessary:

Delivery Partners: Royal Mail or our international courier service, to deliver your order. They receive your name, address, and tracking reference only.

Payment Processors: Our payment gateway provider processes your transaction securely. We do not have access to your full card details.

Website Hosting & Infrastructure: Our hosting provider stores website data on UK/EU-based servers.

Legal Authorities: We will disclose personal data if required by law, regulation, or court order.

All third-party processors are bound by data processing agreements that comply with UK GDPR requirements.

6. Cookies

We use the following types of cookies:

Essential Cookies: Required for the site to function (cart, login sessions). These cannot be disabled.

Analytics Cookies: Help us understand how visitors use our site. We use Google Analytics with IP anonymisation enabled.

Preference Cookies: Remember your settings and choices (currency, language).

You can manage cookie preferences through the cookie consent banner displayed on your first visit, or through your browser settings. Disabling non-essential cookies will not affect core site functionality.

7. Data Retention

We retain your data for the following periods:

Order Records: 6 years from the date of purchase, as required by HMRC for tax and accounting purposes.

Account Data: For as long as your account remains active. You may request account deletion at any time.

Analytics Data: Anonymised and aggregated after 26 months.

Support Correspondence: 2 years from the date of your last message.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access: Request a copy of the personal data we hold about you.

Right to Rectification: Request correction of inaccurate or incomplete data.

Right to Erasure: Request deletion of your data (subject to legal retention obligations).

Right to Restrict Processing: Request that we limit how we use your data.

Right to Data Portability: Receive your data in a structured, machine-readable format.

Right to Object: Object to processing based on legitimate interests or direct marketing.

Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@steriodshop.co.uk. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including: SSL/TLS encryption across our entire website, PCI DSS-compliant payment processing, restricted access to customer data on a need-to-know basis, regular security audits and software updates, and secure, encrypted data storage.

10. International Transfers

Your data is primarily stored and processed within the United Kingdom and European Economic Area. Where data is transferred outside the UK/EEA (e.g., to infrastructure providers), we ensure adequate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

11. Children’s Privacy

Our website and products are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will delete it promptly.

12. Changes to This Policy

We may update this policy periodically to reflect changes in our practices or legal requirements. The “Last updated” date at the top of this page indicates the most recent revision. We encourage you to review this page regularly. Continued use of our site after changes constitutes acceptance of the revised policy.