Privacy policy
Last updated: [DATE]. This policy explains how Vexar Lab Ltd (“Vexar Lab”, “we”, “us”) collects, uses and protects personal data when you use vexarlab.store. We process personal data in accordance with the UK GDPR and the Data Protection Act 2018.
1. Who we are
Vexar Lab Ltd is the data controller for personal data collected through this website.
| Legal entity | Vexar Lab Ltd |
| Company number | [COMPANY REGISTRATION NUMBER] |
| Registered address | [REGISTERED ADDRESS] |
| Data contact | [PRIVACY CONTACT EMAIL] |
2. Data we collect
- Account & order data — name, business/lab name, email, billing and shipping address, phone, order history.
- Payment data — processed by our payment provider; we do not store full card details on our servers.
- Custom labelling data — any logo or artwork file you upload at checkout.
- Communications — messages you send via our contact form or live chat.
- Marketing data — email address if you subscribe to our newsletter.
- Technical data — IP address, browser type, and cookie data (see our Cookie Policy).
3. How we use your data & lawful basis
| Purpose | Lawful basis |
|---|---|
| Processing and fulfilling orders | Performance of a contract |
| Customer support and enquiries | Legitimate interests |
| Age/research-eligibility confirmation | Legal obligation / legitimate interests |
| Marketing emails (newsletter) | Consent |
| Fraud prevention and site security | Legitimate interests |
| Accounting and legal compliance | Legal obligation |
4. Sharing & processors
We share data only with service providers who process it on our behalf, including:
- Payment provider — [PAYMENT PROCESSOR] for payment processing.
- Shipping/courier — [COURIER] for delivery.
- Mailchimp — newsletter delivery (if you subscribe).
- Tidio — live chat support.
- Hosting provider — [HOSTING PROVIDER] for website hosting.
We do not sell your personal data.
5. International transfers
Some processors may store data outside the UK/EEA. Where this occurs, we rely on appropriate safeguards such as UK adequacy regulations or standard contractual clauses.
6. Retention
We keep order and accounting records for as long as required by law (typically six years for tax purposes). Marketing data is kept until you unsubscribe. Uploaded label artwork is kept only as long as needed to fulfil your order unless you ask us to retain it for repeat orders.
7. Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent at any time. To exercise any right, contact [PRIVACY CONTACT EMAIL]. You also have the right to lodge a complaint with the Information Commissioner’s Office (ico.org.uk).
8. Security
We use appropriate technical and organisational measures — including HTTPS encryption and access controls — to protect your data. No method of transmission is completely secure, but we take reasonable steps to safeguard your information.
9. Changes
We may update this policy from time to time. The latest version will always be posted on this page with the revised date.