Order in00H 00M 00Sfor same-day ship

Privacy Policy

Effective Date: 8th May 2025

1. Introduction

OVERPOWERED Nutrition Ltd ("OVERPOWERED®", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website overpowerednutrition.com (the "Site") and purchase our products.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Data Controller & Processors

OVERPOWERED Nutrition Ltd is the data controller responsible for your personal data. As the data controller, we determine why and how your data is processed.

Our website and store are hosted on Shopify, which acts as our primary data processor. This means Shopify stores and processes your personal data (including account information, orders, and payment details) on our behalf, in accordance with our instructions and their Data Processing Agreement.

Important: We never see or store your full payment card details. All payment processing is handled securely by Shopify Payments and their payment partners (Stripe), who are PCI-DSS compliant.

If you have any questions about this Privacy Policy or our data practices, please contact us at:

  • Email: support@overpowerednutrition.com
  • Address: OVERPOWERED Nutrition Ltd, Leeds, United Kingdom

3. Information We Collect

We collect information in the following ways:

3.1 Information You Provide

  • Account Information: Name, email address, password when you create an account
  • Order Information: Billing and shipping addresses, phone number, payment details
  • Communication: Messages you send via our contact form or email
  • Newsletter: Email address when you subscribe to our mailing list
  • Reviews: Name and comments when you leave product reviews

3.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on site, click patterns, referring URLs
  • Location Data: General geographic location based on IP address
  • Cookies: See Section 7 for detailed cookie information

4. How We Use Your Information

We use your personal data for the following purposes:

  • Order Fulfilment: Processing and delivering your orders, sending shipping updates
  • Customer Service: Responding to inquiries, resolving issues, providing support
  • Account Management: Managing your account, order history, and preferences
  • Marketing: Sending promotional emails (with your consent), personalising offers
  • Analytics: Understanding how visitors use our Site to improve user experience
  • Legal Compliance: Meeting our legal obligations, preventing fraud
  • Subscription Management: Processing recurring orders if you subscribe to our products

5. Legal Basis for Processing

Under UK GDPR, we process your data based on:

  • Contract: Processing necessary to fulfil your order (Article 6(1)(b))
  • Consent: Marketing communications and non-essential cookies (Article 6(1)(a))
  • Legitimate Interests: Fraud prevention, site security, analytics (Article 6(1)(f))
  • Legal Obligation: Tax records, legal compliance (Article 6(1)(c))

6. Data Sharing & Storage

Your data is stored and processed by the following trusted third-party services:

Primary Data Storage

  • Shopify (Canada/USA): Hosts our store and stores all customer data including account details, order history, and addresses. Shopify is our primary data processor.

Payment Processing

  • Shopify Payments / Stripe: Processes and stores payment card information. We never have access to your full card details.
  • PayPal, Klarna: If you choose these payment methods, your data is processed by these providers under their own privacy policies.

Other Service Providers

  • Shipping Carriers: Royal Mail, DPD, Evri receive your name and address to deliver orders
  • Email Service (Klaviyo): Stores email addresses for marketing and order notifications
  • Analytics (Google Analytics): Collects anonymised usage data about site visits
  • Advertising (Meta, Google, TikTok): May receive hashed data for targeted advertising (with your consent)

We do not sell your personal data to third parties. All processors are bound by data protection agreements. For details on how these services handle your data, please refer to their respective privacy policies.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Essential Cookies

Required for the Site to function (cart, checkout, authentication). Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our Site (Google Analytics). These are set only with your consent.

Marketing Cookies

Used to deliver relevant advertisements and track campaign effectiveness (Meta Pixel, TikTok Pixel, Google Ads). These are set only with your consent.

You can manage your cookie preferences at any time via the cookie banner or your browser settings. Note that blocking certain cookies may affect Site functionality.

8. Data Retention

We retain your personal data for:

  • Order Data: 7 years (for tax and legal compliance)
  • Account Data: Until you delete your account, plus 30 days
  • Marketing Data: Until you unsubscribe, plus 6 months
  • Analytics Data: 26 months (Google Analytics default)
  • Support Communications: 3 years

9. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for marketing
  • Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)

To exercise your rights, email us at support@overpowerednutrition.com. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. International Transfers

Your data may be transferred to and processed in countries outside the UK, including the United States (e.g., Shopify, Google). Where this occurs, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the UK ICO
  • Transfers to countries with adequacy decisions
  • Binding Corporate Rules where applicable

11. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • SSL/TLS encryption for all data transmission
  • PCI-DSS compliant payment processing via Shopify
  • Regular security assessments and updates
  • Limited access to personal data on a need-to-know basis

While we take security seriously, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

Our Site is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at support@overpowerednutrition.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective Date" at the top. We encourage you to review this policy periodically.

14. Contact Us

For any questions about this Privacy Policy or to exercise your data rights:

  • Email: support@overpowerednutrition.com
  • Website: overpowerednutrition.com/contact