Privacy Notice
Last updated: __INSERT DATE BEFORE GOING LIVE__
Draft — review with a UK solicitor before going live.
You will also need to register as a data controller with the ICO
(
£40–£60/year)
before you start handling personal data of UK residents at any meaningful scale.
1. Who we are
In this notice "HelixSource", "we", "us", and "our" refer to HelixSource
[Ltd, once incorporated], a UK supplier of research peptides operating
helixsource.co.uk. Our trading
address is __INSERT REGISTERED ADDRESS__ and you can reach us at
hello@helixsource.co.uk.
For the purposes of UK GDPR and the Data Protection Act 2018, HelixSource
is the data controller of personal data collected via
this Site.
2. What personal data we collect
We only collect what we actually need:
- Contact-form submissions: name, email, optional
institution, the nature of your enquiry, and your message.
- Email correspondence: anything you choose to send us
when you write to hello@helixsource.co.uk.
- Server / hosting logs: IP address, user-agent,
timestamp, and pages visited. These are collected by our hosting
provider (Cloudflare) for security and abuse prevention.
We do not currently set non-essential cookies or run third-party analytics.
See our cookies notice for detail.
3. Why we collect it (lawful bases)
- To reply to your enquiry — lawful basis: legitimate
interest (responding to a message you have voluntarily sent us) and,
where relevant, taking steps at your request prior to entering into a
contract.
- To prevent abuse and secure the Site — lawful basis:
legitimate interest in maintaining service security.
- To send you launch updates — lawful basis: consent
(we only do this if you explicitly opt in).
4. Who we share it with
Limited to the processors we rely on to run the Site:
- Formspree, Inc. — processes contact-form submissions
and forwards them to
hello@helixsource.co.uk.
See Formspree privacy policy.
- Cloudflare, Inc. — hosts the Site (Cloudflare Pages)
and forwards email sent to
@helixsource.co.uk addresses via
Cloudflare Email Routing. See Cloudflare privacy policy.
- Google LLC — the destination inbox for forwarded
email is a Gmail account. See Google privacy policy.
We do not sell your personal data. We do not transfer it outside the UK
/ EEA except where the processors named above do so under appropriate
safeguards (such as the UK International Data Transfer Addendum).
5. How long we keep it
- Contact-form submissions and email correspondence: up to 24 months
from your last interaction, then deleted, unless we need to keep them
longer for a legal reason.
- Hosting logs: as per our hosting provider's defaults, typically
30 days.
6. Your rights
Under UK GDPR you have the right to:
- Request a copy of the personal data we hold about you;
- Ask us to correct inaccurate data;
- Ask us to delete your data (right to erasure);
- Restrict or object to processing;
- Withdraw consent at any time (for processing based on consent);
- Lodge a complaint with the
Information Commissioner's Office (ICO).
To exercise any of these rights, email
hello@helixsource.co.uk.
We'll respond within one month.
7. Changes to this notice
We may update this notice from time to time. The "last updated" date at
the top of the page reflects the most recent change.