Privacy Policy

Effective Date: 1st July 2025

Privacy Policy and GDPR Statement:

RSS Online Ltd, trading as RecoverySupplement.Store (“we”, “us”, “our”, or “RSS”) respects your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website www.recoverysupplement.store or interact with our services. By accessing or using our website, you agree to the practices described in this policy.

1. What Personal Information We Collect

We collect personal data that you voluntarily provide when:

  • Making a purchase
  • Subscribing to our email list
  • Creating an account
  • Contacting us via form or support email
  • Personal data may include:
    • Full Name
    • Billing and Shipping Address
    • Email Address
    • Phone Number
    • Order Details
    • Payment method (processed securely, no card details are stored by us)

If you opt in to marketing communications, we may confirm your subscription via a double opt-in email for additional transparency and security.

We also automatically collect certain technical information:

  • IP address
  • Browser type and device data
  • Pages viewed and time spent
  • Referring website

 2. How We Use Your Personal Information

We process your data for the following purposes:

  • To fulfil your orders and deliver products
  • To provide order updates and customer service
  • To send you relevant email marketing (only if you opt in)
  • To personalise your shopping experience
  • To maintain legal and financial records
  • To improve our site’s performance and product offerings

 2a. Lawful Basis for Processing (UK GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we must have a valid reason to use your personal data. We rely on the following lawful bases:

  • Consent – for marketing communications or optional services, which you may withdraw at any time
  • Contractual necessity – to fulfil orders, process payments, and provide customer service
  • Legal obligation – for compliance with UK tax, accounting, and regulatory duties
  • Legitimate interests – to operate and improve our business, prevent fraud, and ensure security (only where your rights do not override these interests)

 3. Sharing Your Information

We do not sell your data. Your information is shared only with:

  • Shopify (our e-commerce platform)
  • Payment processors (e.g. Stripe, PayPal)
  • Shipping providers (to deliver your orders)
  • Marketing tools (e.g. email platforms like Klaviyo, if opted in)
  • Analytics services (Google Analytics, Facebook Pixel)

All partners are GDPR-compliant and bound by confidentiality agreements.

4. Behavioural Advertising & Analytics

We use cookies and pixels to:

  • Show you targeted ads
  • Understand browsing behaviour
  • Track marketing effectiveness

You can opt out of targeted ads by visiting:

Or disable cookies via your browser settings.

5. Your Rights (GDPR)

If you are a UK or EU resident, you have the right to:

  • Access your personal data
  • Request correction or deletion
  • Withdraw consent for marketing
  • Request data portability
  • Object to how your data is processed 

To exercise any rights, contact us at support@recoverysupplement.store

6. Data Retention

Customer and order data is retained for up to 6 years to comply with HMRC and warranty obligations. Marketing consent is reviewed periodically and removed upon withdrawal.

We retain your personal data only as long as necessary:

  • For legal/accounting obligations
  • To fulfil your orders
  • For support or refund queries

You may request deletion of your data unless we’re legally required to retain it. 

7. Data Security

We take all reasonable steps to protect your data using:

  • SSL encryption
  • Access controls
  • Secure third-party processors

If a data breach occurs, we will notify affected users in accordance with GDPR regulations.

8. Third-Party Services & Links

Our site may contain links to other websites. We are not responsible for their content or privacy practices. We recommend you review their privacy policies before providing personal data.

9. Cookies

Cookies help us improve your experience. By using our site, you agree to our cookie use. You can manage your preferences through your browser or opt out at https://www.aboutcookies.org.

We use a cookie consent tool to help manage your preferences in accordance with PECR and GDPR

10.  California Consumer Privacy Act (CCPA) / Global Visitors

If you are accessing our site from outside the UK, including the US or EU, you do so at your own discretion and are responsible for compliance with local laws.
We currently do not fall under the scope of the California Consumer Privacy Act (CCPA), but we are committed to data transparency globally.

11. Children’s Privacy

We do not knowingly collect personal information from children under 18. If we learn a child has provided us with personal data, we will delete it promptly.

12.  Data Protection Officer

For all privacy-related matters, please contact our Data Protection Lead at:
Email: support@recoverysupplement.store

13. Changes to This Policy

We may update this Privacy Policy as needed. Changes will be posted on this page with an updated effective date. Continued use of the site signifies acceptance of any updates.

 14. Contact Us

For any questions or data requests, contact:
Email: support@recoverysupplement.store
Post: First Floor, 85 Portland Street, London, W1W 7LT, United Kingdom

 

GDPR Statement & Regulatory Information

 Effective Date: 1st July 2025
Company Name: Recovery Supplement Store Ltd
Company Number: 16489881
Registered Office: First Floor, 85 Portland Street, London, W1W 7LT, United Kingdom
Data Protection Lead: support@recoverysupplement.store

Our Commitment to GDPR Compliance

RSS complies fully with the UK General Data Protection Regulation (UK GDPR), retained from the EU GDPR following Brexit, and the Data Protection Act 2018. We are committed to safeguarding the privacy of all individuals whose personal data we collect, store, or process.

Your Data Protection Rights

Under UK GDPR, you have the following rights:

  • Right to access – You can request a copy of your personal data.
  • Right to rectification – You may request corrections to inaccurate or incomplete information.
  • Right to erasure – You can request that we delete your data, subject to legal or contractual obligations.
  • Right to restrict processing – You may request a halt to processing in certain cases.
  • Right to data portability – You may request a copy of your data in a structured, machine-readable format.
  • Right to object – You may object to processing based on legitimate interest or for direct marketing.
  • Right to withdraw consent – At any time, where we rely on consent for processing.

To exercise these rights, contact:
Email: support@recoverysupplement.store
We will respond within 30 days, in accordance with UK GDPR timelines.

Data Collection & Processing

We collect and process personal data only when necessary:

  • To fulfil your orders
  • To provide customer service and transactional communication
  • For marketing (if you opt in)
  • To comply with legal obligations

Data is collected directly (via forms, orders) and automatically (via cookies, analytics). All processing activities are documented and regularly reviewed for compliance.

Data Storage and Retention

We retain personal data only as long as necessary:

  • For customer service and legal requirements
  • For warranty, tax, and accounting obligations (typically 6 years under HMRC rules)

Your data is stored securely via Shopify servers and trusted third-party providers who are GDPR-compliant.

Data Transfers Outside the UK / EU

Our site is hosted on Shopify Inc., Shopify’s data centres may be located in Canada, the United States, and other jurisdictions. Data transfers are safeguarded under Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, in compliance with ICO requirements.

Security Measures

We take appropriate technical and organisational measures to protect your personal data, including:

  • SSL encryption
  • Access controls
  • Partner contracts with data processors
  • Regular risk assessments and breach protocols

In the unlikely event of a breach, we will notify you and the ICO where required by law.

Supervisory Authority Contact

If you are dissatisfied with how we handle your data, you may contact:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113