Privacy Policy
INTRODUCTION
This Privacy Policy describes how Elite Extracts Ltd ("we", "us", "our", or the "Site") collects, uses, and discloses your personal information when you visit www.elite-extracts.com or make a purchase from us.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what information we collect, how we use it, your rights, and how to contact us.
Data Controller:
Elite Extracts Ltd
Company Registration Number: 16928786
Registered in England & Wales
📧 Contact: support@elite-extracts.com
Elite Extracts Ltd
Company Registration Number: 16928786
Registered in England & Wales
📧 Contact: support@elite-extracts.com
1. PERSONAL INFORMATION WE COLLECT
When you visit or interact with our Site, we collect certain information about you. We refer to any information that can identify an individual as "Personal Information".
A. Device Information
|
Purpose
|
Source
|
Information Collected
|
Shared With
|
|---|---|---|---|
|
To load the Site accurately, perform analytics, and optimise user experience
|
Collected automatically via cookies, log files, web beacons, tags, or pixels
|
IP address, browser version, time zone, cookie identifiers, pages viewed, search terms, interaction data
|
Shopify (our e-commerce platform provider)
|
B. Order Information
|
Purpose
|
Source
|
Information Collected
|
Shared With
|
|---|---|---|---|
|
To process orders, fulfil contracts, arrange shipping, provide invoices, communicate with you, screen for fraud, and (with consent) send marketing
|
Provided directly by you during checkout or account creation
|
Name, billing address, shipping address, email address, phone number, payment information (processed securely via PCI-compliant gateways)
|
Shopify, payment processors, delivery couriers (e.g., Royal Mail)
|
C. Customer Support Information
|
Purpose
|
Source
|
Information Collected
|
Shared With
|
|---|---|---|---|
|
To respond to inquiries, resolve issues, and provide support
|
Provided directly by you via email, contact forms, or phone
|
Name, email address, order details, correspondence history, any additional information you choose to share
|
Internal support team; Shopify (if relevant to order)
|
D. Marketing & Communications (With Consent)
If you opt-in to receive marketing communications:
|
Purpose
|
Source
|
Information Collected
|
Shared With
|
|---|---|---|---|
|
To send newsletters, product updates, promotions, and personalised offers
|
Provided by you via newsletter signup or preference centre
|
Email address, purchase history, browsing preferences (with consent)
|
Email marketing platforms (e.g., Shopify Email, Klaviyo)
|
2. HOW WE USE YOUR PERSONAL INFORMATION
We use your Personal Information for the following purposes:
✅ To fulfil our contract with you: Process orders, arrange delivery, provide customer support, and manage your account.
✅ Legitimate business interests:
- Improve our Site, products, and services
- Analyse usage trends and optimise user experience
- Prevent fraud and enhance security
- Communicate about order updates or service changes
✅ With your consent:
- Send marketing emails, newsletters, or promotional offers
- Use cookies for analytics and personalised advertising
- Share information with third-party advertising partners (see Section 4)
✅ To comply with legal obligations: Meet tax, accounting, consumer protection, and data protection requirements under UK law.
3. LAWFUL BASIS FOR PROCESSING (UK GDPR)
If you are a resident of the UK or European Economic Area (EEA), we process your Personal Information under one or more of the following lawful bases:
🔹 Consent: Where you have explicitly agreed (e.g., marketing emails, non-essential cookies). You may withdraw consent at any time.
🔹 Contractual necessity: To fulfil orders and provide services you have requested.
🔹 Legal obligation: To comply with UK tax, consumer, or data protection laws.
🔹 Legitimate interests: For business operations that do not override your fundamental rights (e.g., fraud prevention, Site improvement). We conduct legitimate interest assessments where required.
🔹 Vital interests: Rarely, to protect someone's life or safety.
4. SHARING YOUR PERSONAL INFORMATION
We share your Personal Information only with trusted third parties who help us operate our business, under strict data processing agreements:
🔸 Shopify: Our e-commerce platform provider. Shopify processes your data to power our online store, process payments, and manage orders.
🔗 Shopify Privacy Policy
🔗 Shopify Privacy Policy
🔸 Payment Processors: Secure, PCI-DSS compliant providers (e.g., Stripe, PayPal) to process transactions. We do not store full credit card details.
🔸 Delivery Partners: Royal Mail and other couriers to fulfil shipping. We share name, address, and contact details only as necessary for delivery.
🔸 Analytics & Advertising Partners:
- Google Analytics: To understand Site usage. You can opt out: Google Analytics Opt-out
-
Meta (Facebook) & Google Ads: For targeted advertising (with consent). Manage preferences:
• Facebook Ad Settings
• Google Ad Settings
🔸 Professional Advisors: Lawyers, accountants, or insurers where required for legal compliance or business protection.
🔸 Law Enforcement: Where required by law, subpoena, or to protect our rights, safety, or property.
We do not sell your Personal Information to third parties.
5. INTERNATIONAL DATA TRANSFERS
Your Personal Information may be transferred to, and processed in, countries outside the UK, including the United States and Canada (where Shopify and some service providers are based).
Where transfers occur, we ensure appropriate safeguards are in place, such as:
- UK International Data Transfer Agreements (IDTAs)
- Adequacy decisions by the UK Government
- Standard Contractual Clauses approved by the UK ICO
6. DATA RETENTION
We retain your Personal Information only for as long as necessary:
📦 Order Information: Kept for 6 years to comply with UK tax and consumer law requirements.
👤 Account Information: Retained while your account is active, or as needed to provide services. You may request deletion at any time.
📧 Marketing Data: Retained until you unsubscribe or withdraw consent.
🍪 Cookie Data: Duration varies by cookie type (see Section 8). Session cookies expire when you close your browser; persistent cookies expire between 30 minutes and 2 years.
You may request erasure of your data at any time (see "Your Rights" below), subject to legal retention obligations.
7. AUTOMATED DECISION-MAKING & PROFILING
We do not use fully automated decision-making that produces legal or similarly significant effects concerning you.
However, our processor Shopify uses limited automated fraud prevention, which may include:
- Temporary blacklisting of IP addresses associated with repeated failed transactions (persisting for a few hours)
- Temporary blacklisting of payment cards linked to suspicious activity (persisting for a few days)
These measures do not have a legal or significant effect on you and are designed to protect both customers and our business.
You have the right to object to automated processing. Contact us at support@elite-extracts.com to exercise this right.
8. COOKIES & SIMILAR TECHNOLOGIES
What Are Cookies?
Cookies are small text files placed on your device when you visit our Site. They help the Site function efficiently, remember your preferences, and provide analytics.
Types of Cookies We Use
🔹 Strictly Necessary Cookies (Always Active)
Required for the Site to function. Cannot be disabled.
|
Cookie Name
|
Purpose
|
Duration
|
|---|---|---|
_secure_session_id |
Enables navigation and secure checkout
|
24 hours
|
cart, cart_currency
|
Remembers items in your shopping cart
|
2 weeks
|
checkout_token |
Facilitates secure checkout process
|
1 year
|
secure_customer_sig |
Maintains secure customer login session
|
20 years
|
🔹 Performance & Analytics Cookies
Help us understand how visitors use our Site to improve performance.
|
Cookie Name
|
Purpose
|
Duration
|
|---|---|---|
_shopify_s, _shopify_y
|
Shopify analytics for Site usage
|
30 min / 1 year
|
_ga, _gid
|
Google Analytics for traffic analysis
|
24 hours / 2 years
|
_landing_page |
Tracks page entry points for optimisation
|
2 weeks
|
🔹 Functionality Cookies
Remember your preferences (e.g., region, language) for a personalised experience.
|
Cookie Name
|
Purpose
|
Duration
|
|---|---|---|
_shopify_country |
Remembers your selected region for checkout
|
Session
|
_tracking_consent |
Stores your cookie consent preferences
|
1 year
|
🔹 Targeting & Advertising Cookies (With Consent)
Used to deliver relevant ads and measure campaign effectiveness.
|
Cookie Name
|
Purpose
|
Duration
|
|---|---|---|
_fbp, _ga
|
Enables personalised advertising via Meta & Google
|
3 months / 2 years
|
shopify_audiences |
Shares purchase data (with consent) to show relevant ads across Shopify merchants
|
Varies
|
Managing Cookies
You can control cookie preferences:
- Via our cookie banner when you first visit the Site
- Through your browser settings (see "Tools" or "Preferences" menu)
- By visiting www.allaboutcookies.org for guidance
⚠️ Disabling non-essential cookies may limit Site functionality or personalisation.
Do Not Track (DNT)
As there is no consistent industry standard for responding to "Do Not Track" signals, we do not alter our data practices when such a signal is detected. However, you may manage tracking preferences via the cookie controls above.
9. YOUR RIGHTS (UK GDPR)
If you are a resident of the UK or EEA, you have the following rights regarding your Personal Information:
🔹 Right of Access: Request a copy of the data we hold about you.
🔹 Right to Rectification: Request correction of inaccurate or incomplete data.
🔹 Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal obligations.
🔹 Right to Restrict Processing: Request we limit how we use your data in certain circumstances.
🔹 Right to Data Portability: Request your data in a structured, machine-readable format.
🔹 Right to Object: Object to processing based on legitimate interests or for direct marketing.
🔹 Rights Related to Automated Decision-Making: Object to profiling or automated decisions with legal/significant effects.
🔹 Right to Withdraw Consent: Withdraw consent for marketing or non-essential cookies at any time.
🔹 Right to Rectification: Request correction of inaccurate or incomplete data.
🔹 Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal obligations.
🔹 Right to Restrict Processing: Request we limit how we use your data in certain circumstances.
🔹 Right to Data Portability: Request your data in a structured, machine-readable format.
🔹 Right to Object: Object to processing based on legitimate interests or for direct marketing.
🔹 Rights Related to Automated Decision-Making: Object to profiling or automated decisions with legal/significant effects.
🔹 Right to Withdraw Consent: Withdraw consent for marketing or non-essential cookies at any time.
How to Exercise Your Rights
Contact us at support@elite-extracts.com with:
- Your full name and contact details
- A description of your request
- Any relevant account or order information to help us locate your data
We will respond within one calendar month, as required by law. For complex requests, this may be extended by two further months (with notification).
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
🔗 ico.org.uk | 📞 0303 123 1113
🔗 ico.org.uk | 📞 0303 123 1113
10. MINORS & AGE RESTRICTIONS
Our Site and products are intended for individuals aged 18 and over. We do not knowingly collect Personal Information from children under 18.
If you are a parent or guardian and believe your child has provided us with information, please contact us immediately at support@elite-extracts.com. We will take steps to delete such information from our records.
11. SUPPLEMENT PRODUCTS & DATA USE
As a supplement retailer, we handle health-related preferences with care:
- We do not collect sensitive health data unless voluntarily provided (e.g., in customer support messages).
- Any health-related information you share is used solely to provide appropriate product recommendations or support.
- We never use health information for automated profiling or targeted advertising without explicit consent.
12. SECURITY MEASURES
We implement appropriate technical and organisational measures to protect your Personal Information, including:
- SSL/TLS encryption for data transmission
- Secure, PCI-DSS compliant payment processing
- Access controls and staff training on data protection
- Regular security reviews and updates
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. If you suspect a security issue, contact us immediately.
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The "Last Updated" date at the top of this page will indicate when changes were made.
We encourage you to review this policy regularly. Continued use of our Site after changes constitutes acceptance of the updated policy.