Privacy Policy

How HGH Steroids UK collects, uses, and protects your personal information.

Last updated: May 2026

1. Who We Are

This privacy policy applies to the website hghsteroids.co.uk, operated by HGH Steroids UK (“we”, “us”, “our”). We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

We may collect the following types of personal information when you use our website:

  • Name, email address, phone number, and delivery address (when you place an order or create an account)
  • Payment information (processed securely through our third-party payment provider; we do not store full card details)
  • Order history, including products purchased, dates, and amounts
  • Communication records from emails or customer support enquiries
  • Technical data including IP address, browser type, device type, and pages visited (collected automatically via cookies and server logs)
  • Account login credentials (email and password, stored in encrypted form)

3. How We Use Your Data

We use your personal information for the following purposes:

  • To process and fulfil your orders, including shipping and delivery
  • To send order confirmation, dispatch notification, and tracking emails
  • To respond to customer support enquiries
  • To manage your account on our website
  • To detect and prevent fraud or unauthorised transactions
  • To comply with legal obligations, including tax and accounting requirements
  • To improve our website, products, and services based on usage data

We will only send you marketing communications if you have given explicit consent. You can withdraw this consent at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

  • Contract performance: processing necessary to fulfil your order
  • Legal obligation: processing required to comply with UK tax, accounting, and consumer protection laws
  • Legitimate interests: fraud prevention, website security, and service improvement
  • Consent: marketing communications (where you have opted in)

5. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share your data with the following categories of service providers who assist in operating our business:

  • Delivery and courier services (to fulfil your order)
  • Payment processing providers (to process your payment securely)
  • Website hosting provider (to host and maintain our website)
  • Email service providers (to send transactional and, where consented, marketing emails)

All third-party service providers are bound by data processing agreements and are required to handle your data in accordance with UK GDPR.

6. Cookies

Our website uses cookies to provide essential functionality (such as maintaining your shopping cart and login session) and to analyse website usage. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of our website, including the ability to place orders. For more information about the cookies we use and how to manage them, please refer to our cookie consent banner displayed on your first visit.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy. Order records and associated personal data are retained for a minimum of six years to comply with UK tax and accounting obligations. Account data is retained for as long as your account remains active. You may request account deletion at any time by contacting us.

8. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data (subject to legal obligations)
  • Right to restriction: request that we limit how we process your data
  • Right to data portability: request your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: withdraw consent for marketing communications at any time

To exercise any of these rights, please contact us at [email protected]. We will respond to all valid requests within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption on all pages, encrypted password storage, secure payment processing through PCI-compliant providers, and restricted access to personal data on a need-to-know basis.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. The “Last updated” date at the top of this page indicates when the policy was most recently revised. We encourage you to review this page periodically.

11. Contact Us

If you have questions about this privacy policy or how we handle your personal data, please contact us at:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection. You can contact the ICO at ico.org.uk.