Privacy Policy

Last updated: 10 March 2026

At Eve Biology, we respect your privacy and are committed to handling your personal data responsibly.

This Privacy Policy explains how Eve Biology Ltd (“Eve Biology”, “we”, “us”, or “our”) collects, uses, shares, and stores your personal data when you visit evebiology.com (the “Site”), place an order, create an account, contact us, sign up for marketing, or otherwise interact with us (together, the “Services”).

For the purposes of UK and European data protection law, Eve Biology Ltd is the controller of your personal data.

Contents

  1. Who we are
  2. Who this policy applies to
  3. The personal data we collect
  4. How we collect personal data
  5. How we use personal data
  6. Lawful bases for processing (UK and EEA)
  7. Cookies and similar technologies
  8. How we share personal data
  9. International transfers
  10. How long we keep personal data
  11. Security
  12. Children’s privacy
  13. Your privacy rights (UK and EEA)
  14. Additional notice for California and other US residents
  15. Categories of personal information we collect and disclose
  16. Categories of sources
  17. Sale, sharing, and targeted advertising
  18. Retention disclosure for California residents
  19. How to exercise privacy rights
  20. Appeals and complaints
  21. Third-party websites
  22. User-generated content
  23. Changes to this Privacy Policy
  24. Contact us

1. Who we are

Eve Biology Ltd
25 Sandyford Place
Glasgow G3 7NG
United Kingdom
Email: hello@evebiology.com

2. Who this policy applies to

This Privacy Policy applies to:

  • customers
  • website visitors
  • account holders
  • people who contact us
  • people who sign up to receive marketing from us

Because we sell into the UK, Europe, and the United States, different privacy laws may apply depending on where you live and how you interact with us. We aim to provide a clear, consistent explanation of our data practices across those markets.

3. The personal data we collect

We collect personal data in a few different ways.

Information you give us directly

You may give us personal data when you:

  • place an order
  • create an account
  • contact us
  • sign up for emails
  • submit a review
  • enter a promotion or survey
  • request support

This may include:

  • name
  • billing address
  • shipping address
  • email address
  • phone number
  • account login details
  • order details
  • payment-related details, such as billing information and payment confirmation
  • any information you include in messages, reviews, or support requests

Information we collect automatically

When you browse or use our Site, we may automatically collect:

  • IP address
  • browser type and version
  • device type
  • operating system
  • approximate location based on IP
  • pages viewed
  • products viewed
  • basket activity
  • referring website
  • dates and times of visits
  • cookie, pixel, and similar technology data

Information from third parties

We may also receive personal data from third parties that help us run our business, including:

  • Shopify, our ecommerce platform provider
  • payment processors
  • delivery and fulfilment providers
  • analytics providers
  • advertising and marketing partners
  • fraud prevention, security, and customer support providers

4. How we collect personal data

We collect personal data:

  • directly from you
  • automatically through your use of the Site
  • through cookies and similar technologies
  • from service providers and business partners who support our Services

5. How we use personal data

We use personal data to:

  • process and fulfil orders
  • take payments
  • deliver products
  • manage returns, refunds, and exchanges
  • create and manage customer accounts
  • provide customer support
  • communicate with you about orders, enquiries, and service issues
  • improve our website, products, and Services
  • personalise your experience
  • measure and improve marketing performance
  • send marketing communications where permitted by law
  • detect and prevent fraud, abuse, and security incidents
  • comply with legal and regulatory obligations
  • establish, exercise, or defend legal claims

6. Lawful bases for processing (UK and EEA)

If you are in the UK or EEA, we rely on one or more of the following lawful bases:

Contract

Where processing is necessary to fulfil an order, manage your account, or otherwise provide the Services you requested.

Legitimate interests

Where processing is necessary for our legitimate interests, including operating and improving our business, providing support, securing our systems, understanding website use, and preventing fraud, provided those interests are not overridden by your rights.

Consent

Where required by law, including certain marketing and non-essential cookies. You can withdraw consent at any time.

Legal obligation

Where processing is necessary to comply with tax, accounting, consumer, or other legal obligations.

7. Cookies and similar technologies

We use cookies, pixels, and similar technologies to operate the Site, remember your preferences, understand how visitors use the Site, and support advertising and analytics.

We may use the following categories of cookies:

  • Strictly necessary cookies to enable core functionality such as checkout, account login, and security
  • Analytics cookies to help us understand how the Site is used
  • Functionality cookies to remember your preferences
  • Advertising cookies to help us and our partners show relevant advertising and measure campaign performance

Where required by law, we will ask for your consent before placing non-essential cookies on your device. You can manage your preferences through our cookie banner and browser settings.

8. How we share personal data

We may share personal data with:

  • ecommerce and website platform providers, including Shopify
  • payment processors
  • shipping, logistics, and fulfilment providers
  • cloud hosting, IT, and security providers
  • analytics providers
  • advertising and marketing partners
  • customer service providers
  • professional advisers
  • regulators, law enforcement, courts, and public authorities where required by law
  • buyers, investors, or successor entities as part of a merger, acquisition, financing, restructuring, or sale of assets

We do not sell personal data for money.

9. International transfers

Because we operate internationally and use service providers in multiple countries, your personal data may be transferred to and processed outside your country of residence, including in the United States.

Where required, we use recognised safeguards for international transfers, including:

  • adequacy decisions
  • the European Commission’s Standard Contractual Clauses
  • the UK International Data Transfer Agreement
  • the UK Addendum to the EU Standard Contractual Clauses
  • other lawful safeguards where applicable

10. How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, including to comply with legal, tax, accounting, reporting, and dispute-resolution requirements.

In general:

  • order and transaction records are kept for legal, tax, and accounting purposes
  • account data is kept while your account is active and for a reasonable period afterwards
  • customer service records are kept for as long as needed to manage the issue and follow-up
  • suppression records are kept so we can honour marketing opt-outs
  • technical and analytics data is kept for limited periods based on business, security, and performance needs

When we no longer need personal data, we delete it securely or anonymise it.

11. Security

We use appropriate technical and organisational measures designed to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure.

However, no online service or storage system can be guaranteed to be completely secure.

12. Children’s privacy

Our Services are not directed to children, and we do not knowingly collect personal data from children.

If you believe a child has provided us with personal data, please contact us and we will investigate and, where appropriate, delete the information.

13. Your privacy rights (UK and EEA)

If you are in the UK or EEA, you may have the right to:

  • access your personal data
  • correct inaccurate or incomplete personal data
  • request deletion of your personal data
  • restrict processing
  • object to processing based on legitimate interests
  • object to direct marketing
  • request portability of certain personal data
  • withdraw consent where we rely on consent

These rights are subject to certain legal limits and exceptions.

14. Additional notice for California and other US residents

If you are a resident of California or another US state with applicable privacy rights, you may have certain rights under state law, subject to exceptions and applicability thresholds.

These may include the right to:

  • know the categories of personal information we collect
  • know the purposes for which we collect, use, disclose, sell, or share personal information
  • request access to specific pieces of personal information
  • request deletion of personal information
  • request correction of inaccurate personal information
  • opt out of the sale or sharing of personal information, or targeted advertising, where applicable
  • limit the use or disclosure of sensitive personal information, where applicable
  • not receive discriminatory treatment for exercising privacy rights

15. Categories of personal information we collect and disclose

Category of personal information Examples Business or commercial purposes Categories of recipients
Identifiers Name, email address, phone number, account username, IP address, order number Account creation, order fulfilment, support, fraud prevention, security, marketing, analytics Shopify and platform providers, payment processors, delivery providers, IT/security providers, analytics providers, marketing partners, customer support providers
Customer records Billing address, shipping address, order history, account details Order processing, delivery, returns, support, recordkeeping Shopify and platform providers, payment processors, delivery providers, customer support providers
Commercial information Products viewed, products purchased, basket activity, returns, preferences Personalisation, product recommendations, analytics, customer support, marketing Shopify and platform providers, analytics providers, marketing partners
Internet or network activity Browser type, device data, usage data, cookie data, referring URL, interaction with the Site Site operation, analytics, personalisation, security, advertising performance IT providers, analytics providers, advertising partners
Geolocation data Approximate location inferred from IP address Fraud prevention, localisation, analytics IT/security providers, analytics providers
Audio, electronic, or visual information Customer emails, chat messages, contact form submissions, support records Customer support, complaints handling, quality control, legal compliance Customer support providers, IT providers, professional advisers
Sensitive personal information (where applicable) Account login credentials, payment-related information, precise data only if voluntarily provided Account security, payment processing, fraud prevention, legal compliance Payment processors, IT/security providers

16. Categories of sources

We collect personal information from the following categories of sources:

  • directly from you
  • automatically from your device and browser
  • from cookies and similar technologies
  • from ecommerce, payment, delivery, analytics, advertising, and security partners
  • from service providers acting on our behalf

17. Sale, sharing, and targeted advertising

We do not sell personal information for money.

However, some advertising, analytics, and cookie-based activities may be treated as a “sale”, “sharing”, or “targeted advertising” under certain US state privacy laws. If and where those laws apply, you may have the right to opt out.

You can exercise that choice by:

  • using our cookie and privacy preference tools
  • enabling a recognised opt-out preference signal where supported
  • contacting us using the details below

18. Retention disclosure for California residents

We retain personal information only for as long as reasonably necessary and proportionate for the purposes described in this Policy, taking into account:

  • the nature of the information
  • the purpose for which it was collected
  • legal, tax, accounting, and reporting obligations
  • fraud prevention and security needs
  • our need to resolve disputes and enforce agreements

19. How to exercise privacy rights

To make a privacy request, please contact us at:

Email: dpo@evebiology.com

Please include:

  • your full name
  • the email address associated with your order or account
  • your country or state of residence
  • the type of request you are making
  • enough information for us to verify and respond to your request

Where permitted by law, we may need to verify your identity before completing your request. We may also ask for additional information where reasonably necessary to authenticate the request and protect personal data from unauthorised access.

You may also appoint an authorised agent to submit a request on your behalf where allowed by applicable law. We may ask for evidence of that authority and may still need to verify your identity directly with you.

We will not discriminate against you for exercising any applicable privacy rights.

20. Appeals and complaints

If you are in the UK or EEA and have concerns about how we use your personal data, please contact us first.

You also have the right to complain to your local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO).

If you are a resident of a US state that provides a right to appeal a privacy-rights decision, you may reply to our response and request that we review it again.

21. Third-party websites

Our Site may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to read their privacy notices before providing them with personal information.

22. User-generated content

If you post a review or other content in a public area of our Services, that information may be visible to others. Please do not post information you do not want to make public.

23. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal obligations, or privacy practices. When we do, we will post the updated version here and update the “Last updated” date at the top of the page.

24. Contact us

If you have any questions about this Privacy Policy or would like to exercise your rights, please contact us at:

Eve Biology Ltd
25 Sandyford Place
Glasgow G3 7NG
United Kingdom
Email: hello@evebiology.com