Privacy Policy

1. Controller

The data controller for personal data processed through this website is:

Allostasis Labs
Sweden
Email: support@allostasislabs.com

2. Personal Data We Collect

We may collect the following personal data when you submit an order request or contact us:

• name;
• email address;
• billing and shipping address;
• order request details;
• payment reference information;
• technical and usage data associated with website visits, subject to cookie settings;
• correspondence sent to support.

3. Why We Process Your Data

We process personal data in order to:

• receive, assess, and manage order requests;
• communicate with you about your request;
• process payment confirmation;
• arrange shipment and delivery;
• keep accounting and bookkeeping records;
• respond to customer support requests;
• prevent fraud, abuse, unlawful requests, and compliance risks;
• maintain website security and performance;
• analyse website traffic where valid consent has been given.

4. Legal Bases

We process personal data where necessary to:

• take steps at your request before entering into a contract;
• perform contractual or pre-contractual steps relating to your request;
• comply with legal obligations, including bookkeeping obligations;
• pursue legitimate interests such as preventing misuse, fraud, unlawful requests, and website abuse;
• rely on consent where required, including for non-essential cookies and analytics.

5. Data Sharing

We may share relevant data with service providers where necessary for website operation, order assessment, communication, fulfilment, and compliance, including:

• Cloudflare Pages (hosting and website delivery);
• iCloud Mail (email communication);
• PostNord or equivalent shipping providers;
• payment processors or infrastructure providers involved in bank transfer handling and crypto payment flow;
• Google Analytics, subject to valid cookie consent.

We do not sell personal data.

6. International Transfers

We do not intentionally structure processing to transfer personal data outside the EU/EEA except where a service provider’s technical infrastructure or subprocessor chain may involve such processing.

In particular, the use of Google Analytics may involve international processing depending on service configuration and consent choices. Where relevant, such processing is subject to the provider’s applicable transfer mechanisms.

7. Retention

We retain:

• order and accounting-related data for up to 7 years where required for bookkeeping, tax, or legal compliance;
• support correspondence for a shorter period where no longer necessary, unless needed for legal, dispute, fraud-prevention, or compliance purposes;
• analytics-related data according to configured retention settings and cookie consent status.

8. Your Rights

Subject to applicable law, you may have the right to:

• access your personal data;
• request correction of inaccurate data;
• request deletion of data where applicable;
• request restriction of processing;
• object to certain processing;
• withdraw consent where processing is based on consent;
• lodge a complaint with a competent supervisory authority.

To exercise your rights, contact support@allostasislabs.com.

9. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. However, no website, transmission, or storage system can be guaranteed to be completely secure.

10. Failure to Provide Data

If you do not provide data necessary for order assessment, payment confirmation, shipping, or compliance review, Allostasis Labs may be unable to process your request.

11. Changes

We may update this Privacy Policy from time to time. The latest version published on the website applies.