Privacy policy
SYNAPSE CORE Privacy Policy:
Last Updated: February 2026
Synapse Core ("we," "us," or "our"), operated by RSK SEO LTD., is committed to protecting the privacy and security of your personal data. This policy outlines how we collect, use, disclose, and protect your information when you visit our website, place an order, or interact with our services (collectively, the "Service").
Synapse Core acts as the Data Controller of your personal data for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are registered with the Information Commissioner’s Office (ICO) under registration number: ZC042091.
1. The Personal Data We Collect
We collect personal data that falls into the following categories:
|
Category |
Description |
Legal Basis for Processing (UK GDPR) |
|
Identity Data |
Name, title, date of birth. |
Contract, Legitimate Interests (customer service), Legal Obligation. |
|
Contact Data |
Billing and delivery addresses, email address, and telephone numbers. |
Contract, Legitimate Interests (fulfilment), Legal Obligation. |
|
Transaction Data |
Details about payments, products purchased, and order history. |
Contract, Legitimate Interests (financial management), Legal Obligation. |
|
Financial Data |
Payment card details (processed securely by our payment processor, Shopify Payments; we do not store full details). |
Contract, Legitimate Interests (payment processing). |
|
Technical Data |
IP address, browser type and version, time zone setting, operating system and platform, and other technology on the devices you use to access this website. |
Legitimate Interests (improving our Service and network security). |
|
Usage Data |
Information about how you use our website, products, and services, including navigation paths and product views. |
Legitimate Interests (marketing and service improvement). |
|
Marketing and Communications Data |
Your preferences in receiving marketing from us and your communication preferences. |
Consent, Legitimate Interests (business development). |
|
Special Category Data (Health) |
(Explicitly Prohibited) We DO NOT collect or request information regarding specific health conditions, symptoms, or medical diagnoses. With regards to health-related feedback, we DO NOT request it or require it, and customers SHOULD NOT submit it. |
N/A (Data is not actively processed or retained). |
2. Children's Data (Age of Consent)
Our Service and products are not intended for individuals under the age of eighteen (18). We do not knowingly collect, process, or store any personal data from children under the age of 18. If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at info@synapsecore.co.uk
3. How Your Personal Data is Collected
We use different methods to collect data from and about you, including:
- Direct Interactions: You provide us with Identity, Contact, and Financial Data when you purchase products, create an account, or subscribe to our newsletters.
- Automated Technologies or Interactions: As you interact with our website, Technical and Usage Data is collected automatically via cookies, server logs, and other similar technologies.
- Third Parties: We may receive Transaction and Contact Data from providers like payment processors and delivery services.
4. How We Use Your Personal Data
We use your personal data primarily to perform the contract of sale with you and for our legitimate business interests, ensuring these do not override your rights.
|
Purpose |
Detail of Use |
|
Service Fulfilment |
Processing and delivering your order, managing payments, fees, and charges. |
|
Account Management |
Managing your customer account, providing customer support, and notifying you about changes to our terms or policies. |
|
Marketing |
Sending you marketing communications about products, special offers, or promotions where you have explicitly opted-in (Consent). |
|
Service Improvement |
Analysing Usage and Technical Data to improve our website, products, and overall customer experience (Legitimate Interests). |
|
Legal Compliance |
Adhering to legal obligations related to product safety, fraud detection, and regulatory reporting. |
5. E-commerce Platform and Data Processing (Shopify)
Our online store is hosted on Shopify Inc. Shopify provides us with the online e-commerce platform that allows us to sell our products and services to you.
- Shopify's Role: Shopify acts as a Data Processor on our behalf, managing the infrastructure, order data, and basic analytics necessary for the Service to function. This means they process your personal data strictly under our written instructions as the Data Controller.
- Data Shared with Shopify: We share Identity, Contact, Transaction, and Technical Data with Shopify to facilitate your orders, payments, and site experience.
- Payment Processing: When you purchase, Shopify securely handles your Financial Data via Shopify Payments, which is certified Level 1 PCI DSS compliant. We do not store or directly process your full payment card details.
- Shopify's Own Use: In certain instances, Shopify may also use some data for its own purposes (e.g., fraud prevention, site security), acting as an independent Data Controller for those specific activities. We rely on their publicly available privacy policy for clarity on these independent activities.
6. Data Sharing and Further Disclosure
We may share your personal data with the following categories of recipients:
- Fulfilment Partners: Third-party logistics providers (delivery and warehousing) who require Contact and Transaction Data to fulfil your order. To complete your order, we share your name, delivery address, and contact details with our third-party delivery partners (such as Royal Mail, DPD, or specialized fulfilment centres). These providers only have access to the information necessary to perform their functions and are prohibited from using it for any other purpose.
- Professional Advisers: Solicitors, accountants, and insurers who require access to ensure compliance and manage risk.
- Regulatory and Legal Bodies: When legally required to do so, we may disclose your data in response to a court order, legal process, or governmental request (e.g., product safety investigations by the FSA or MHRA).
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner, subject to the terms of this Policy.
7. Third-Party Links and Websites
For informational and educational purposes, our Service (including our blog and social media) may contain links to third-party websites (e.g., research articles, health organisations) that are not operated by us.
These links are provided for your convenience only. We have no control over, do not endorse, and assume no liability for the content, data collection practices, or privacy policies of any third-party site. When you leave our Service via such a link, you are no longer governed by our Privacy Policy or Terms of Service. We strongly advise you to review the privacy policy of every website you visit.
8. Third-Party Data Processors
To provide our services, we share data with the following categories of third-party providers. Each partner is contractually bound to protect your data:
- Shopify: Our e-commerce platform provider (Hosting, Order Management, and Technical Data).
- Appstle: Subscription management service (Recurring Billing and Subscription Data).
- Mailchimp: Marketing automation and email communications.
- PayPal / Stripe: Secure payment processing (Financial Data).
- FreeAgent: Cloud accounting and financial record keeping.
- UKPostBox: Logistics partner for business mail and physical returns management.
- Delivery & Logistics: Professional Courier & Fulfilment Partners - Fulfilling your order, providing tracking updates, and physical delivery of products.
- Make.com (Celonis, Inc.): We use Make.com as an automation platform to securely transmit order information from our store to our accounting software (FreeAgent). This ensures your purchase is correctly recorded for tax and invoicing purposes. Data shared may include your name, email address, and order details.
9. Cookies and Automated Collection
We use cookies to distinguish you from other users and improve our site. For a detailed breakdown of the specific cookies we use, please refer to our Cookie Policy, accessible via the link in our website footer.
| Category | Purpose | Provider(s) | Consent |
| Strictly Necessary | Essential for the website to function (e.g., shopping cart, secure checkout). | Shopify, PayPal, Stripe | Always Active |
| Analytical | Helps us understand visitor movement and identify technical errors. | Shopify Analytics, Google Analytics | User Choice |
| Functionality | Remembers your preferences like currency or subscription status. | Shopify, Appstle | User Choice |
| Targeting | Used for marketing and measuring ad effectiveness. | Mailchimp, Meta/Google Pixels | User Choice |
You can choose to 'Reject All' non-essential cookies via our cookie banner. However, blocking essential cookies may prevent parts of our website from functioning correctly.
10. Data Security and Protection
Data Security is a paramount concern. We have implemented robust technical and organisational security measures designed to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed.
- Encryption: All data transmitted between your browser and our Service (via HTTPS) is encrypted. Financial Data is handled by certified payment gateways which meet the highest Payment Card Industry Data Security Standard (PCI DSS) requirements.
- Access Control: Access to your personal data is restricted to employees, agents, contractors, and other third parties on a strict "need-to-know" basis, subject to duties of confidentiality.
- Breach Procedure: We have established procedures to deal with any suspected personal data breach and will notify you and the Information Commissioner's Office (ICO) of a breach where we are legally required to do so.
11. Data Retention and Deletion
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements.
- Contractual Obligation: For customer data, we typically retain records for seven (7) years after the last order date to meet UK tax, accounting, and consumer warranty obligations.
- Health and Wellness Context: Given the nature of our business, we rigorously avoid indefinite retention of data that could later be misinterpreted as health data. Any non-financial, non-transactional personal data (like browsing habits) is routinely purged or anonymised after a maximum of 18 months.
12. International Data Transfers
As we operate primarily within the UK, we aim to keep your data within the European Economic Area (EEA) and the UK. However, data may be transferred to and processed by trusted third-party providers located outside the UK/EEA (e.g., Shopify, which uses servers in the US).
Where we transfer your personal data outside the UK/EEA, we ensure a high level of protection by implementing one of the following safeguards:
- Transferring data to countries deemed by the UK to provide an adequate level of protection.
- Using specific contracts approved for use in the UK, which give personal data the same protection it has in the UK (e.g., UK International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the EU Standard Contractual Clauses).
13. Your Legal Rights (Data Subject Rights)
Under UK GDPR, you have significant rights regarding your personal data:
- Right to Access (SAR): The right to request a copy of the personal data we hold about you.
- Right to Rectification: The right to have inaccurate or incomplete data corrected.
- Right to Erasure ('Right to be Forgotten'): The right to request the deletion of your personal data where there is no good reason for us to continue processing it (though this is subject to our legal retention obligations).
- Right to Restrict Processing: The right to ask us to suspend the processing of your personal data in certain scenarios (e.g., if you contest its accuracy).
- Right to Data Portability: The right to request the transfer of your data to you or a third party in a structured, commonly used, machine-readable format.
- Right to Object: The right to object to us processing your data where we are relying on a legitimate interest.
14. Complaints and Contact Information
If you have any questions or concerns about this policy or our data practices, please contact our designated Data Protection point of contact:
Data Protection Contact: RSK SEO LTD. Trading as “Synapse Core”.
Email: info@synapsecore.co.uk
Address: Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA
You have the absolute right to make a complaint at any time to the UK supervisory authority for data protection issues, the Information Commissioner's Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
15. Policy Changes
We reserve the right to update this privacy policy at any time. The updated version will be indicated by an updated "Last Updated" date at the top of this policy. We will notify you of any material changes via email or prominent notice on our website.
Regulatory Information Synapse Core is a trading name of RSK SEO LTD, a company registered in England and Wales. We are committed to protecting your data and are registered with the Information Commissioner’s Office (ICO) under registration number: ZC042091