Privacy Policy (GDPR-Compliant)

Introduction

Eagle Research Labs (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or purchase our products. We process personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018. By using our site or services, you consent to the practices described in this policy. If you do not agree with this policy, please do not use our website.

Scope: This policy applies to information we collect online through our website (https://www.eagleresearchlabs.co.uk) and related communications. It does not govern data collected offline or by third-party sites that may be linked on our website. Our website and services are intended for adults. We do not knowingly collect personal data from anyone under 18 years of age, and if we become aware of it, we will delete such data.

Information We Collect

We may collect and process different types of information from you, including:

  • Personal Identifiers: Information you provide when creating an account, placing an order, or contacting us. This may include your name, billing and shipping address, email address, phone number, and age verification if required. For example, when you place an order, you must provide your contact and delivery details.
  • Account Credentials: If you register an account, we collect a username, password, and any profile information you choose to provide.
  • Payment Details: When making purchases, you provide payment information (e.g. credit/debit card number, expiration date). Note: We use third-party payment processors to handle payment transactions securely. We do not store full credit card numbers or sensitive payment details on our servers after the transaction is complete.
  • Technical Data: When you use our site, we automatically collect certain information about your device and usage. This includes your IP address, browser type, device type, operating system, referring URLs, and pages you viewed or searched for on our site. We also log dates/times of visits and other browsing actions (e.g. clicks, time spent on pages).
  • Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your experience and gather data about how you interact with our site. Cookies are small text files stored on your browser. They help with functions like keeping you logged in, remembering your cart, and analyzing site traffic. For details on cookies, see the “Cookies” section below.

You may choose not to provide certain personal information; however, this may limit your ability to use some features (for example, we need contact and payment info to process orders).

How We Use Your Information

We use the collected information for the following purposes:

  • To Process Orders and Provide Services: We use your personal information to fulfill orders and transactions you request, including processing payments, shipping products, and providing order confirmations. For example, we will use your name and address to ship your order, and your email to send you order status updates.
  • Account Management: If you create an account, we use your information to maintain and administer your account (e.g., allowing you to log in, view order history, and save preferences).
  • Customer Communication: We may use contact information (email or phone) to communicate with you about your orders, respond to inquiries or support requests, and send essential service-related announcements (such as changes to our terms or policies, security alerts, or delivery issues). We may also send you updates about new products or promotions, but only in accordance with your marketing preferences (see “Your Rights & Choices” below).
  • Improvement and Analytics: We use usage data and feedback to understand how our website is used and to improve our offerings. This includes analyzing trends, managing the performance of our website, and enhancing user experience and product selection. We may use analytics tools (e.g., Google Analytics) that employ cookies or similar technologies to help us understand site traffic and activity.
  • Legal and Compliance: We may process personal data as required to comply with applicable laws and regulations, such as maintaining transaction records for tax and accounting purposes, verifying age for age-restricted products, and fulfilling our obligations under consumer protection laws. We also may use your information to enforce our Terms of Service and to protect our rights or the rights of other users, for example to detect and prevent fraud or security issues.

Legal Bases for Processing: Under the GDPR, we process personal data only when we have a lawful basis. The legal bases we rely on include: Contract (to provide the products or services you requested, e.g. processing your orders), Legal Obligation (to comply with laws or regulatory requirements), and Legitimate Interests (to improve our services, prevent fraud, and secure our site – we ensure our interests do not override your privacy rights). For any processing that is based on your consent (such as sending marketing emails if you have opted in), you have the right to withdraw consent at any time.

Cookies and Tracking

We use cookies and similar tracking technologies to operate and personalize our website. For example, cookies allow us to remember the items in your shopping cart and your preferences (like currency or language). They also help us gather aggregate data about site traffic and interactions so we can improve functionality. Some cookies are necessary for the site to function (e.g., for login security and checkout). Others are optional analytics or advertising cookies which will only be used with your consent.

When you first visit our site, you will be presented with a cookie notice and given the option to accept or decline non-essential cookies. You can adjust your cookie preferences at any time via our website or by configuring your browser settings to delete or block cookies. Please note that disabling cookies may affect certain features of the site (for instance, the shopping cart might not remember items).

For more information, please see our Cookie Policy (if available) or contact us with any questions about how we use cookies.

Disclosure of Your Information

No Sale of Personal Data: We do not sell, rent, or trade your personal information to third parties for their own marketing or other independent use. Your data is used only for the purposes listed in this policy.

Trusted Service Providers: We may share your information with trusted third-party partners who assist us in operating our business and providing services to you – but only to the extent necessary for those purposes and under strict obligations of confidentiality. For example:

  • Payment Processors: Your payment details are handled by secure third-party payment gateways (such as credit card processors or PayPal). These companies process your payments and are compliant with PCI-DSS security standards.
  • Shipping Companies: We share your name and delivery address (and contact phone or email as required for delivery notifications) with postal services or courier partners in order to ship your order.
  • IT and Hosting Providers: Our website might be hosted on servers provided by a third-party hosting company. Those providers may process technical data to ensure our site runs smoothly.
  • Analytics and Marketing Tools: We may use third-party analytics services (like Google Analytics) to collect information on site usage (as described in Cookies section). We might also use marketing platforms or email service providers to send newsletters or promotional communications, but only if you have subscribed or consented to such communications. These providers will have access to your email address and name for the purpose of sending emails on our behalf.

All third-party service providers acting on our behalf are contractually obligated to keep your information secure and to use it only for the specific services they are providing to us. They must process personal data in compliance with privacy laws (including GDPR) and our instructions. We do not permit them to use your data for their own unrelated purposes.

Legal Requirements and Protection: We may disclose personal information if required to do so by law or legal process, for example in response to a court order, subpoena, or a lawful request by government authorities (such as law enforcement). We may also release information when we believe it is necessary to enforce our site policies, investigate potential fraud, or protect the rights, property, or safety of Eagle Research Labs, our customers, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

Business Transfers: In the unlikely event that our company is involved in a merger, acquisition, sale of assets, or other business transition, user information (personal data) may be transferred as part of that deal. If such a transfer occurs, we will ensure the new owner is bound by terms that protect your personal data to at least the same standard described in this Privacy Policy.

International Data Transfers

Eagle Research Labs is based in the UK, but we serve customers worldwide. Consequently, your personal data may be transferred to and processed in countries outside of the United Kingdom. For example, if you are outside the UK, we will need to transmit your information to our UK servers and possibly to shipping partners in your country; or if we use a US-based email service or cloud provider, some data might be stored on servers in the United States or other jurisdictions.

When transferring data internationally, we will ensure appropriate safeguards are in place to comply with UK data protection standards. These safeguards may include:

  • Relying on a country’s adequacy decision (if the destination country is deemed by the UK to have an adequate level of data protection).
  • Implementing Standard Contractual Clauses or similar contractual obligations approved by regulators, which bind the recipient to protect your data according to GDPR standards.
  • For transfers to the US or other countries without an adequacy finding, ensuring our service providers certify to frameworks like the UK Extension to the EU-US Data Privacy Framework or otherwise commit to GDPR-level protections.

You can contact us for more information about the safeguards we use for international data transfers. We will not transfer your personal data to a third country unless it is lawful and we have taken necessary measures to protect it.

Data Security

We take security seriously and have implemented a variety of measures to help protect your personal information from unauthorized access, alteration, disclosure, or destruction. These include technical measures (such as encryption of data in transit via SSL/TLS, which secures the connection when you enter personal or payment information, and firewalls on our servers) as well as organizational measures (limiting access to personal data only to employees and contractors who need it for their job and subjecting them to confidentiality obligations). Sensitive information like payment details are handled by secure payment gateways. We do not store full credit card numbers or payment account details on our systems after the transaction is completed.

Despite our efforts to safeguard your data, please be aware that no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of information. You share and transmit data at your own risk. It is also important for you to protect against unauthorized access to your account credentials and to your computer/device. If you have any reason to believe that your interaction with us or your data might no longer be secure (for example, if you feel your account has been compromised), please contact us immediately.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which we collected it (as described above), unless a longer retention period is required or permitted by law. For example, we will keep your order and purchase records as long as needed to provide you with customer service, for our legitimate business records, and to comply with legal and tax requirements. Transaction records are generally maintained for at least 6 years to satisfy UK tax law and accounting obligations. If you have created an account, we retain your account information while your account remains active and for a reasonable period thereafter in case you decide to return.

We periodically review the data we hold and either delete it securely or anonymize it when it is no longer needed. When determining retention periods, we consider the nature of the data, the sensitivity, the potential risk of harm from unauthorized use or disclosure, the purposes of processing, and whether those purposes can be achieved by other means. For instance, if you unsubscribe from marketing emails, we will stop sending them and may retain your email on a suppression list to ensure we honor your opt-out request. If you request deletion of your data (see Your Rights below), we will remove your personal information unless we are required to keep it for legal reasons or it’s necessary to complete an ongoing transaction.

Your Rights and Choices

Under the GDPR (and UK data protection law), you have certain rights regarding your personal data. Subject to applicable law and certain exceptions, you have the right to:

  • Access Your Information: You can request a copy of the personal data we hold about you, and information about how we process it. This is commonly known as a Subject Access Request.
  • Rectification: You have the right to ask us to correct or update any inaccurate or incomplete personal data. We encourage you to keep your account information up-to-date, and you can also update some details by logging into your account.
  • Erasure: You may request that we delete your personal data in certain circumstances – for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis to continue processing. We will comply unless an exemption applies (for instance, we may need to retain certain information to comply with legal obligations). This is sometimes called the “right to be forgotten.”
  • Restrict Processing: You have the right to ask us to restrict or suspend the processing of your personal data in certain situations – for example, while we investigate your claim that the data is incorrect or our processing is unlawful.
  • Object to Processing: You may object to our processing of your personal data where we rely on legitimate interests as the legal basis, and you believe your rights override our interests. You also have the absolute right to object to your personal data being used for direct marketing purposes at any time. If you object, we will stop such processing unless we demonstrate compelling legitimate grounds for the processing that override your rights, or it’s needed for legal claims.
  • Data Portability: In cases where we process your information by automated means under your consent or a contract, you have the right to request that we provide the personal data you gave us in a structured, commonly used, machine-readable format, and you can request that we transmit it to another data controller where technically feasible.

To exercise any of your rights, please contact us using the contact details provided below. We will respond to legitimate requests within one month, or inform you if we need an extension of time. We may need to verify your identity before fulfilling certain requests to ensure we don’t disclose data to an unauthorized person. Note that some rights may be limited by local law; for example, we cannot delete data that we are required to keep by law, or we may decline requests that are manifestly unfounded or excessive.

Marketing Communications: You have choices regarding marketing communications. If you have subscribed to our newsletter or otherwise consented to receive promotional emails, you may withdraw that consent at any time. You can opt-out by clicking the “unsubscribe” link in any marketing email or by contacting us. Once you opt out, we will stop sending you non-essential communications. (Please note we may still send transactional messages related to your orders or account, even if you opt out of marketing.)

Cookies: As noted above, you can manage cookies through your browser settings and our site’s cookie consent tool. See the Cookies section for more on how to control cookies.

Complaints: If you have a concern about our handling of your personal data, we kindly ask you to contact us first so we can address it. However, you also have the right to lodge a complaint with the relevant Data Protection Authority. In the UK, this is the Information Commissioner’s Office (ICO). You can find details on how to report a concern to the ICO on their website. If you are in another country, you may contact your local supervisory authority.

External Links

Our website may contain links to third-party websites or services (for example, references in our blog or links to partner organizations). Please note that we do not control the content or privacy practices of those external sites. This Privacy Policy applies only to our site. We encourage you to review the privacy policies of any third-party websites you visit. We are not responsible for the privacy practices, security, or content of external sites.

Changes to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will post the updated policy on this page and update the “Last Updated” date at the bottom. In some cases, we may notify you by email or with a notice on our homepage that our privacy practices have changed. We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of the website after any changes indicates your acceptance of the updated Privacy Policy.

Last updated: [Insert Date]

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how Eagle Research Labs handles your personal data, please contact us:

  • Email: privacy@eagleresearchlabs.co.uk
  • Address: Eagle Research Labs, United Kingdom

We will be glad to assist you with any queries or issues related to your privacy and data protection.