iüLabs Ltd is a company registered in England and Wales, Reg Company Number: 13879817 (Collective referred to as “iüLabs”, “We” “Us” in this policy.) For the purpose of the Data Protection Act 2018 (the Act), and Article 12 of the General Data Protection Regulations (GDPR) 2018 the data controller is iüLabs Ltd, 73 Park Lane, Croydon, CR0 1JG.

Maintaining the security of your data is a high priority at iüLabs, and we are committed to respect your privacy rights and want to be transparent about what data we collect about you and how we use it. This policy applies when you visit our website and shares information with you on how we use your data, what we collect, how we ensure privacy is maintained and your legal rights relating to your personal Data.

UK and EU data is covered by GDPR but we treat all global customer data with the same high standards and follow the same process set out under GDPR.

What Personal Data We Collect

iüLabs may collect the following information about you:

• Your name
• Your contact details: postal address, billing address and despatch address (if different), telephone numbers (including mobile number) and e-mail address
• Purchases and orders made by you
• Your browsing activity while on the iüLabs website
• Your password if you create a registered account (not compulsory)
• Payment details (your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions)
• Marketing and communication preferences
• Feedback and survey responses
• Reviews of our products or services
• Location via IP Address
• Device information when navigating our website
• Usage Information: Data on how you interact with our website

This list is not exhaustive and we may collect additional information under specific instances. Some of the above data is collected directly, for example if you email our customer services team or create a order. Other personal data is collected indirectly, for example through your browsing and shopping on our site. We may also collect personal data from third parties who have your permission to pass your details to us, or from publicly available sources. All data is collected to provide personalized insights, improve the effectiveness of the supplement as well as to optimize your overall user experience on our website.

How We Collect Information about You

When you visit our website we may automatically collect information about your computer, including your IP address, information about your visit, your browsing history, and how you use our website. This information is combined with other information for example, completing contact forms or when you order, we need to have your name, e-mail address, card number and card expiry date. Without this information we will not be able to process your request or notify you of acceptance of your order. A contact telephone number may also be required so that we may contact you urgently if there is a problem with your order.

How We Use Your Personal Information

We use personal information about you for the following purposes:

General

• When processing your order or contact query
• Providing information about our products which can be personalised based on the information we have collected about you
• To verify your identity
• For crime and fraud prevention, detection and related purposes

Marketing

The effectiveness of the advertising we serve you and others

• Make suggestions and recommendations to you and other users of our site about the products we offer
• With your agreement, to contact you electronically or through the post with promotional offers and products we think may interest you, so that you have exclusive access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. If you would not like to receive these notifications, please select the relevant tick box at the basket/checkout page. For emails you can unsubscribe from all communications by simply clicking on the unsubscribe link placed in the end of every email communication we send. If, in the past, you have chosen to be notified and you no longer wish to receive correspondence from us please send an email to hello(at)iulabs.co write to: Customer Services, iüLabs Ltd, 73 Park Lane, Croydon, CR0 1JG and we will update your preferences.

Profiling

We may analyse your information to create a profile of your interests, preferences and purchase history so that we can contact you or provide you on your visit with more relevant products and information that would be interesting for you. We may source additional information from 3rd parties to enhance this.

You have a right to object to profiling. If you would like to do so or if you would like to know more about this process then please contact hello(at)iüLabs.co

Security Of Your Data

We follow a tight security procedure as required under UK Data Protection Legislation (the Data Protection Act 2018) and in future Article 32(1) GDPR to protect the information that we store about you from unauthorised access. Our secure payment is via the highly respected and secure Stripe online payment system and information between you and us is 256 bit encrypted. We perform daily malware scans and restrict data access and have a internal confidentiality policy as follows:

Within iüLabs Ltd we protect your privacy in 4 ways:

• Access to customer account information is limited to those who need access for the performance of their job
• We use full login and password controls on our sales control system
• All full and part-time employees are required to sign a confidentiality clause as part of their terms of employment with the company
• Confidentiality and database access controls are reviewed periodically and updated as required to further protect your personal data

3rd Party Data Access

As with many businesses iüLabs relies on a number of core service providers who held fulfill our promise to you when you place an order, these may include our delivery partners such as Royal Mail and Huboo, our payment gateway and others within IT infrastructure and marketing services to help our business run smoothly and create a good experience for you.

iüLabs may use the services of third parties to collect and use anonymous information about user visits to and interactions with our website through the use of technologies such as cookies. These third-party companies may collect and use non-personally identifiable information (e.g., click stream information, browser type, time and date, subject of advertisements clicked or scrolled over) during your visit to this website [and/or other websites] in order to provide advertisements about goods and services likely to be of greater interest to you. These third-party companies may use cookies and other technologies to recognise your browser to collect and record information about your web surfing activity including your activities on this website.

You may visit the European Interactive Digital Advertising Alliance at http://youronlinechoices.eu to learn more about interest-based advertising, or to opt out of receiving advertisements tailored to your interests on your browser, from their respective members and participants.

Meta Conversion API

The Meta conversion API is used to optimise ad placement using back office data to decrease costs and measure the data, this is combined with the Meta Pixel. you can opt out of the data transmission via our privacy notification tool by deselecting the marketing option.

First Party Cookie Integration

We may also use technologies, such as our own cookies, to provide you with relevant online display advertising tailored to your interests. To opt out of our cookies used for this online advertising or to submit a data subject request specific to these technologies, click here.

Where data is shared with third parties we aim to ensure that this transfer is as secure as possible, we will conduct an audit of this process and potential impact on you plus we require all 3rd parties we work with to have a contract which outlines their compliance with appropriate data protection laws and that the use of the data is only used in relation to the purpose it is meant. Such as:

EverWebinar: We conduct our online webinars using EverWebinar. To view more about how they protect this data please review their privacy policy.

Huboo: Deliveries to the UK and Northern Ireland are handled by our distribution partner Regenerus labs. Please see their privacy policy to understand how they record and secure your information. We also use Huboo to process live shipping rates and shipment fees.

Klaviyo: A marketing platform which enables us to personalise our emails and site based on buying habits and visitor information. To find out more about how they secure data please see their data processing agreement and privacy center.

Referral Candy: We use ReferralCandy to manage our referral program - so that you can receive a reward for recommending our products to your friends. Please refer to their privacy policy to learn more about how they secure your data.

Refersion: This platform is our affiliate partner platform. For more information on how they use and secure data please see their privacy policy.

Recharge: To enhance your subscription experience, we partner with Recharge. They assist us in managing subscription preferences and processing payments efficiently. Please consult Recharge's privacy policy to gain a better understanding of how they handle and secure your data when using their services in conjunction with ours. We are committed to protecting your privacy while providing you with the best subscription experience possible.

Shopify: Our e-commerce platform of choice is Shopify, which powers our online store. We want to assure you that your data privacy is a top priority. Shopify is a trusted partner that helps us deliver a seamless shopping experience. When you make a purchase or interact with our online store, certain personal information may be collected and processed by Shopify, such as order details and payment information, solely for the purpose of facilitating your transactions. To better understand how Shopify handles and secures your data, please review their privacy policy. Rest assured, we are committed to safeguarding your privacy while providing you with a convenient and secure online shopping experience. Your trust in us is essential, and we value your privacy concerns.

Stripe: We rely on Stripe, a trusted payment processing platform, to securely handle your payments. Your financial information is processed with the highest level of security. For more details on how Stripe manages your data, please refer to their privacy policy.

Xero: Xero is our accounting software for efficient financial management. We are committed to safeguarding your data privacy, and Xero shares this commitment. To understand how Xero handles your financial information, please review their privacy policy. Your trust in us is essential, and we prioritize the security of your data.

YotPo: Our reviews partner. After purchasing you are emailed and invited to leave a review about our products and services. This is classed as market research and your personal information will be shared with YotPo, solely for the purpose of leaving us a review. We hope you enjoyed your iüLabs experience and would value your feedback, the good, the bad and the could be improved :-) You will be able to unsubscribe from these emails and it is totally optional on whether you would like to leave a review. To find out more about YotPo who acts as our processor but becomes a Controller of data if you sign up to write a review please review their privacy policy.

Zapier: We use Zapier to automate repetitive tasks between two or more apps or websites. Please refer to their privacy policy to learn more.

Your Rights

If, for any reason, you are unsure about the personal and account information we are holding in your name, please contact our customer service team . They will happily review your file and update the records if required whether this is simply updating incorrect or out-of-date information or opting out of communications. You can contact our customer service team by email or phone.

Right of Access – in accordance with Article 15 GDPR, you are entitled to obtain information, free of charge, about your saved data, where applicable, has a right to the correction, blocking, deleting of data (Article 5 (1 d), e) Article 12 and 17-19 GDPR). On Request IÜLABS shall inform the user in line with Valid Law in Writing of the User’s personal data (after appropriate security check to prove identity) we have saved. To request information that we may hold on you please email hello(at)iüLabs.co with the subject line “Right of Access Request”. We will have one month (unless complex this can then be extended for 2 months) to respond to your request and will provide it in a common electronic format (CSV).

Right to lodge a complaint – In accordance to Article 77 GDPR. You have the right to complain to a supervisory body if you feel your data is being misused. Contact the ICO (Information Commissioners Office) for more information. We would hope that you would discuss with us any concerns so that we could look to rectify before it gets this far.

Right to Data Portability – In accordance to article 20 GDPR. You have the right to receive the personal data concerning yourself which you have provided to IÜLABS as the data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

Right to be Forgotten – In accordance with Article 17 GDPR, You have a right for your data to be forgotten and erased (anonymised personal data) from our systems. if you would like this to happen please email hello@iuLabs.co with the Subject Line “Right to be Forgotten Request”. We will need to confirm your identity before doing this and we will be extremely sorry to see you go. Please note under some circumstances we may be able to refuse this request for example the HMRC requires companies to keep records of VAT for up to 6 years plus under terms of good of sale we may delay the erasure process until after the 14 days returns and refunds policy has expired after your last purchase.

Please note that the data cleansing process is total and we will have no records of your previous interaction. This is specific interest to rules following the Right to be Forgotten, which in turn may mean that we can legally acquire your data from opted in sources at a later date with no knowledge that you were once previous customer.

Please note, as advised by the ICO an Audit log comprising of just a name, plus the date the request came in, is kept for any access requests. A name on its own is not classed as personal identifiable information.

Cookies

What are cookies

A cookie is a small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website.

This Website may place and access certain cookies on your computer. We use these cookies to improve your experience of using the Website and to improve our range of products.

Cookies do not usually contain any information that personally identifies you, the Website user. However, personal information that we store about you may be linked to the information obtained from and stored in cookies.

Types of cookies

Strictly necessary cookies

These are cookies that are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of the Website, use a shopping cart or make use of e-billing services.

Analytical/ performance cookies

These cookies allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies

These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). By using the Website, you agree to our placement of functionality cookies

Targeting/ marketing cookies

These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose

How to Control Your Cookies

We give you control over which cookies we use. You can easily adjust your cookie preferences anytime by clicking on the cookie banner located at the bottom left corner of our website.

You can also choose to enable or disable cookies in your internet browser. By default, most internet browsers accept cookies but this can be changed. For further details, please see the help menu in your internet browser.

You can switch off cookies at any time, however, you may lose information that enables you to access the Website more quickly and efficiently.

It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

For more information generally on cookies, including how to disable them, please refer to aboutcookies.org. You will also find details on how to delete cookies from your computer.

Cookie Schedule

Below is a list of the cookies that we use. We have tried to ensure this is complete and up to date, but if you think that we have missed a cookie or there is any discrepancy, please let us know.

Strictly necessary cookies
_cmp_a
The "_cmp_a" cookie is associated with a consent management platform (CMP) used by our website to manage user consent for cookies and data collection. It stores information related to a user's cookie preferences and choices regarding data privacy and consent. CMP cookies help websites comply with data protection regulations, such as the General Data Protection Regulation (GDPR), by allowing users to provide or withdraw their consent for specific types of cookies and data processing activities.
Duration: 1 day

secure_customer_sig
The "secure_customer_sig" is designed to maintain a secure session for authenticated customers to enhance their shopping experience and protect their data on our Shopify website. While it may contain some user-specific information related to the session, it typically doesn't store personally identifiable information. For more details on its usage and management, you can refer to the website's cookie policy.
Duration: 1 year


Functionality cookies
n/a

Analytical/performance cookies
_ga_
The _ga_ cookie functions in the same way as the regular _ga cookie, and it is used to distinguish unique users by assigning a randomly generated number as a client identifier. This helps calculate visitor, session, and campaign data for the site's analytics reports.
Duration: 2 years

_gcl_au
The "_gcl_au" cookie is used for Google AdSense and Google Analytics integration on the website. This cookie is set by the Google Tag Manager (GTM) to help manage and track AdSense and Google Analytics events and conversions.Here's what this cookie is used for: Google AdSense Integration: Google AdSense is a program by Google that allows website owners to display targeted advertisements on their sites and earn revenue based on user interactions with those ads. The "_gcl_au" cookie helps track ad clicks, conversions, and other interactions related to AdSense ads. Google Analytics Integration: Google Analytics is a popular web analytics service provided by Google. It helps website owners track and analyze various aspects of website traffic and user behavior. The "_gcl_au" cookie allows Google Analytics to associate user interactions with AdSense ads to measure the effectiveness of the ads in generating website traffic, conversions, and other key metrics.
Duration: 90 days

_landing_page
The "_landing_page" cookie records the landing page you first arrived at when visiting our website. It assists in tracking your navigation but doesn't contain personal information. 
Duration: 2 weeks

_orig_referrer
The "_orig_referrer" cookie stores the original referral source that brought you to our website. It helps track how you found the site but does not contain personal information.
Duration: 2 weeks

_shopify_s
The "_shopify_s" cookie is a Shopify-specific cookie used for session management on our e-commerce website. It helps maintain your shopping cart and user session during your visit. This cookie doesn't store personal information. 
Duration: 30 minutes

_shopify_sa_p
The "_shopify_sa_p" cookie is a component of Shopify's tracking and analytics system. It is used to gather data about your interactions with our website but generally does not contain personal information. 
Duration: 30 minutes

_shopify_sa_t
The "_shopify_sa_t" cookie is a Shopify-related cookie used for tracking and analytics purposes. It helps gather information about your website interactions but does not contain personal data. 
Duration: 30 minutes

_shopify_y
The "_shopify_y" cookie is used by Shopify to track your website activity, personalize your shopping experience, and improve the site. 
Duration: 1 year


Targeting/ marketing cookies
__kla_id
It is used by Klaviyo, a platform that provides email marketing services. The __kla_id cookie is used for tracking visitors' activities on the website, including which pages have been visited and what actions have been taken.
Duration: 2 years

_fbp
This cookie is used by Facebook to deliver a range of advertising products such as real-time bidding from third-party advertisers.
Duration: 90 days

Legal Basis for iüLabs Processing Customer Data

General

iüLabs collects and uses customers’ personal data because it is necessary for the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or complying with our legal obligations. In general, we only rely on our legitimate interest or permission (e.g. when you tick a box to send us an email via our Contact us form) as a legal basis for processing in relation to sending direct marketing communications to customers via post, email or text messages. Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing we will cease to process data after consent is withdrawn.

Our Legitimate Interests

It is necessary for the legitimate interests of iüLabs to process customer data as follows:

• Selling and supplying goods and services to our customers
• Protecting customers, employees and other individuals and maintaining there safety, health and welfare
• Promoting, marketing and advertising our products and services
• Personalising communications or content within emails and onsite
• Understanding customers behavior, activities, preferences and needs
• Improving existing or developing new products and services
• Complying with legal and regulatory obligations
• Preventing, investigating and detecting crime, fraud, or anti-social behavior and prosecuting offenders, including working with law enforcement agencies
• Protecting iüLabs, its customers, suppliers and employees, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to iüLabs
• Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders
• Providing customers with personalized recommendations based on their data.
• Improving product development and enhancing the overall customer experience.
• Tracking the benefit of our supplement on your health and overall wellbeing
• Improving the effectiveness of our supplements

For more information around GDPR and Legitimate interest please see the ICO website guide here. For details relating to E-mail marketing and PECR regulations please see the ICO guide here.

Transferring Your Information Outside of Europe

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (EEA). For example International customers are redirected to a 3rd party payment system outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, You’re agreeing to this transfer, storing and processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.

Data retention policy

Any information relating to your account (including order history, communications and correspondence records) is kept while you are still an active customer. If you have not bought within 6 years all data will be safely destroyed. We hold very little paper records but any relevant materials will be shredded. Electronic data sets will be deleted or anonymised from master sources and backups. An automated process to identify, alert and process these deletions is in place.

Please note that the data cleansing process is total and we will have no records of your previous interaction. This is specific interest to rules following the Right to be Forgotten, which in turn may mean that we can legally acquire your data from opted in sources at a later data with no knowledge that you were once previous customer.

External Links

Please note that within our website are a number of external links to other websites and companies, if you click on these then you will be subject to that 3rd parties privacy policies and not iüLabs.

This Privacy Document was last updated on the 16th January 2024