Privacy Policy

Last updated: May 2026

We collect the minimum personal data needed to ship your order and run the site. We don’t sell, rent, or share your data for advertising. This page explains what we collect, why, how long we keep it, and your rights under the GDPR.

1. Data controller

POWER BioTech LLC

Laugavegur 100

101 Reykjavík

Iceland

Privacy contact: [email protected]

2. What we collect & why

Order data
Name, shipping address, billing address, email, phone (optional), order contents. Used to fulfil your order. Lawful basis: performance of contract (GDPR Art. 6(1)(b)).
Payment data
Processed by our payment partner. We see the last four digits of the card and a transaction ID; we never see the full card number. Lawful basis: performance of contract.
Account data
Email and hashed password if you create an account. Used to let you see past orders. Lawful basis: consent (GDPR Art. 6(1)(a)).
Support correspondence
Emails you send us and our replies. Used to help you and to improve our service. Lawful basis: legitimate interest (GDPR Art. 6(1)(f)).
Site analytics
Anonymised, aggregate page views — no individual tracking, no cross-site profiling, no advertising cookies. Lawful basis: legitimate interest.
Tax & accounting
Invoice records, retained as required by Icelandic tax law. Lawful basis: legal obligation (GDPR Art. 6(1)(c)).

3. Who we share data with

We share data only with the processors required to operate the site and ship orders:

  • Hosting & site infrastructure — our cloud provider stores the website and database.
  • Payment provider — processes your payment.
  • Fulfilment & courier — needs your name and shipping address to deliver the parcel.
  • Email provider — sends order confirmations and support replies.

All processors are contractually bound by GDPR-compliant data processing agreements. We do not share your data with anyone else, and we do not use it for advertising or third-party marketing.

4. International transfers

Some processors are based outside the EU/EEA. Where this is the case, transfers are protected by the European Commission’s Standard Contractual Clauses or an adequacy decision.

5. How long we keep data

  • Order data & invoices: 7 years (Icelandic tax-law requirement).
  • Account data: until you ask us to delete it.
  • Support emails: 24 months from the last interaction.
  • Analytics: aggregated only; no per-user data is retained.

6. Your rights

Under the GDPR you have the right to: access your data, correct it, ask us to delete it (where law allows), restrict or object to processing, port your data to another provider, and withdraw consent for any consent-based processing. To exercise any of these, email [email protected] — we’ll respond within 30 days.

You also have the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd) at personuvernd.is, or with the supervisory authority in your country of residence.

7. Cookies

See our cookie policy for what we set and how to opt out.

8. Changes

If we change how we process your data, we’ll update this page and, where the change is material, notify you by email.