Privacy Policy
1. Scope
This Privacy Policy explains how The Peptide Clinic ("Company", "we", "our", or "us") collects, uses, stores, shares, and protects personal information through the Website and related onboarding, ordering, support, and account-management processes.
This policy should be read together with the Terms of Use and other active legal documents made available through the Website.
2. Responsible party
For purposes of the personal information processed through the Website, The Peptide Clinic is the responsible party for product supply operations carried out through the Website.
3. Personal information we may collect
Depending on how you use the Website, we may collect and process:
3.1 Identity and contact information
- name
- email address
- account credentials or authentication identifiers
- organisation, laboratory, or business details you choose to provide
3.2 Onboarding and approval information
- research-use declarations
- approval request details
- communications submitted through gate or support workflows
- records showing acceptance of active legal documents
3.3 Order and transaction information
- order history
- product selections
- shipping details
- delivery-related records
- payment status and processor references
We do not intentionally store full raw card numbers in our own application records. Payment information is handled by the external payment processor, and we may receive tokenised or limited transaction metadata from that processor.
3.4 Technical and security information
- device and browser data
- log and audit data
- approximate location inferred from technical signals
- IP address or similar identifiers used for fraud prevention, abuse prevention, diagnostics, and security review
3.5 Communications and support information
- messages you send to us
- support history
- complaint records
- account review notes
4. How we collect information
We may collect personal information:
- directly from you when you create an account, submit a form, place an order, or contact us
- automatically when you use the Website through logs, cookies, or similar technical means
- from payment processors, logistics providers, fraud tools, or service providers involved in a transaction
- from internal compliance, audit, or approval workflows associated with your account
5. Why we process personal information
We may process personal information for the following purposes:
- creating and maintaining user accounts
- operating the gated onboarding and approval flow
- presenting and enforcing the active legal documents
- processing, reviewing, and fulfilling orders
- arranging shipment and delivery
- detecting fraud, misuse, chargeback abuse, or security incidents
- responding to support requests and complaints
- maintaining audit trails, logs, and internal records
- improving Website performance and user experience
- complying with legal, accounting, tax, consumer-protection, or regulatory obligations
6. Lawful grounds and legal basis
Where South African data-protection law applies, we process personal information on one or more of the following grounds:
- performance of a contract or pre-contractual steps requested by you
- compliance with legal obligations
- our legitimate interests in running a secure, fraud-resistant, and compliant platform
- consent, where consent is the appropriate basis and has been requested
If consent is withdrawn, that withdrawal does not affect processing already undertaken lawfully before withdrawal. Some services may no longer be available if the withdrawn consent was necessary for those services.
7. Sharing of personal information
We may share personal information with:
- payment processors
- couriers and logistics providers
- hosting, storage, analytics, infrastructure, and technical support providers
- professional advisers, insurers, auditors, or debt-recovery providers where reasonably necessary
- regulators, authorities, courts, or law-enforcement bodies where required by law or reasonably necessary to protect rights or investigate misuse
We do not sell personal information as a standalone commercial data product.
8. Cross-border processing
The Website may use infrastructure or service providers located outside South Africa.
As a result, personal information may be processed, stored, or accessed in jurisdictions other than the country in which the user is located.
Where cross-border processing occurs, we aim to use service providers and transfer arrangements that are appropriate to the sensitivity of the information and the purpose of the processing.
9. Cookies, analytics, and similar technologies
We may use cookies, local storage, session technologies, and similar tools to:
- keep users signed in where appropriate
- maintain session integrity and security controls
- remember preferences
- measure Website usage and performance
- support diagnostics and abuse prevention
You may be able to restrict some cookies through browser settings, but doing so may affect Website functionality.
10. Retention
We retain personal information only for as long as reasonably necessary for the purposes described in this policy, including compliance, accounting, dispute handling, fraud review, and security needs.
Unless longer retention is required or justified by law, audit needs, or active disputes, customer account and transaction information may be retained for up to 12 months after prolonged inactivity.
We may retain selected records for longer where necessary to:
- comply with accounting or tax obligations
- resolve disputes
- investigate fraud, chargebacks, or abuse
- enforce legal rights
- maintain integrity of legal-acceptance records and order history
11. Security
We use administrative, technical, and organisational measures designed to reduce the risk of unauthorised access, loss, misuse, alteration, or disclosure of personal information.
Those measures may include:
- access controls
- authentication controls
- audit logging
- role-based permissions
- infrastructure monitoring
- encrypted transmission where appropriate
No system can be guaranteed to be completely secure, and you use internet-connected services at your own risk.
12. Your privacy rights
Subject to applicable law and reasonable identity verification, you may have rights to:
- request access to personal information we hold about you
- request correction of inaccurate or incomplete information
- request deletion where retention is no longer necessary or lawful
- object to certain processing
- withdraw consent where processing relies on consent
- request details about how your information has been used or shared
Where South African law applies, these rights may arise under the Protection of Personal Information Act 4 of 2013 ("POPIA") and, where relevant, the Promotion of Access to Information Act 2 of 2000 ("PAIA").
We may decline or limit a request where the law permits us to do so, including where disclosure would prejudice the rights of others, legal proceedings, or security controls.
13. Marketing communications
We do not currently operate broad standalone email marketing campaigns as a core service feature.
Operational or transaction-related messages may contain limited service information, updates, or account-related notices.
If we introduce broader marketing communications in the future, we may do so only on a lawful basis and provide any opt-out mechanism required by law.
14. Children
The Website is intended for adults and not for persons under 18 years of age.
We do not knowingly solicit or maintain accounts for minors. If you believe a minor has provided personal information to us, contact us so that we can investigate and take appropriate action.
15. External links and third-party services
The Website may contain links to third-party websites or rely on third-party services such as payment processors, hosting providers, or couriers.
We are not responsible for the privacy practices of third-party sites or services except to the extent required by law.
16. Information officer and privacy contact
Privacy requests, correction requests, objections, complaints, and general data-protection enquiries may be sent to support@thepeptide.clinic.
If we publish more specific Information Officer particulars or formal request channels, this policy will be updated accordingly.
If you believe your personal information has been processed unlawfully, you may also have the right to complain to the Information Regulator in South Africa, where applicable.
17. Changes to this policy
We may update this Privacy Policy from time to time. The current version published on the Website is the version that applies from its effective publication date.