Privacy Policy

Last updated: March 2026

Research Vials ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website researchvials.com and purchase our products. This policy is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA).

1. Data Controller

The data controller responsible for your personal data is:

Research Vials

Email: support@researchvials.com

Website: researchvials.com

If you have any questions about this Privacy Policy or our data practices, please contact us using the information above.

2. Information We Collect

We collect the following categories of information:

2.1 Personal Data You Provide

  • Identity Information: Full name, username, or similar identifiers
  • Contact Information: Email address, phone number, billing and shipping address
  • Account Information: Login credentials, account preferences, communication preferences
  • Payment Information: Payment is processed through third-party payment processors. We do not store your full credit card number, CVV, or banking details on our servers
  • Order History: Products purchased, order dates, quantities, and transaction amounts
  • Research Affiliation: Institution name, research area, or affiliation details provided during account registration or checkout
  • Age Verification: Confirmation that you are 21 years of age or older
  • Communications: Messages, emails, or inquiries you send to us, including customer support interactions

2.2 Information Collected Automatically

  • Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution
  • Usage Data: Pages visited, time spent on pages, clickstream data, referring/exit pages
  • Cookies and Tracking Technologies: Session cookies, persistent cookies, pixels, and similar technologies (see our Cookie Policy for details)
  • Location Data: Approximate geographic location derived from your IP address

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Performance of a Contract: Processing necessary to fulfill your orders, manage your account, and provide our services
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as fraud prevention, website security, improving our products and services, and internal analytics -- provided these interests are not overridden by your rights
  • Consent: Where you have given explicit consent, such as subscribing to our newsletter or opting in to marketing communications. You may withdraw consent at any time
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations, including tax reporting, regulatory compliance, and responding to lawful requests from authorities

4. How We Use Your Data

We use the information we collect for the following purposes:

  • Order Processing: To process and fulfill your orders, manage shipping, send order confirmations and tracking updates
  • Customer Service: To respond to inquiries, provide technical support, and handle complaints or returns
  • Compliance Verification: To verify that purchasers meet our age requirements (21+) and confirm research use intent as required by our Terms & Conditions
  • Fraud Prevention: To detect and prevent fraudulent transactions, unauthorized access, and other illegal activities
  • Analytics and Improvement: To analyze website usage patterns, improve our website functionality, optimize user experience, and develop new products and services
  • Marketing (with Consent): To send promotional emails, newsletters, and product announcements. You may opt out at any time by clicking "unsubscribe" in any marketing email or contacting us directly
  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements

5. Data Sharing & Third Parties

We do not sell your personal data. We may share your information with the following categories of third parties:

  • Payment Processors: We use third-party payment processors to handle transactions securely. These processors have their own privacy policies governing the information they collect
  • Shipping Carriers: Your name, address, and phone number are shared with carriers to deliver your orders
  • Google Analytics: We use Google Analytics to understand how visitors interact with our website. Google Analytics collects data using cookies (see our Cookie Policy). You may opt out using the Google Analytics Opt-out Browser Add-on
  • Email Marketing Platform: If you subscribe to our newsletter, your email address is processed by our email marketing service provider
  • Legal Authorities: We may disclose your information if required by law, court order, or governmental request, or to protect our rights, safety, or property
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the transaction

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. Specific retention periods are as follows:

Data Category                  Retention Period
Order & transaction records    7 years (tax and legal compliance)
Account data                   Until you request deletion
Analytics data                 26 months
Marketing preferences          Until you unsubscribe or request removal
Customer support records       3 years after last interaction
Cookie consent records         12 months (then re-consent required)

After the applicable retention period, personal data is securely deleted or anonymized.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR:

  • Right of Access: You may request a copy of the personal data we hold about you
  • Right to Rectification: You may request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to Be Forgotten"): You may request deletion of your personal data under certain circumstances
  • Right to Restrict Processing: You may request that we limit how we use your data
  • Right to Data Portability: You may request your personal data in a structured, commonly used, and machine-readable format
  • Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, please contact us at support@researchvials.com. We will respond to your request within 30 days.

8. Your Rights Under CCPA/CPRA

If you are a California resident, you have the following rights under the CCPA and CPRA:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected, the sources of collection, the business or commercial purpose, and the categories of third parties with whom we share it
  • Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights
  • Right to Correct: You may request that we correct inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: You may direct us to limit the use and disclosure of your sensitive personal information

To exercise your rights, please email support@researchvials.com with the subject line "CCPA Rights Request." We will verify your identity before processing your request and respond within 45 days.

9. Cookies

We use cookies and similar tracking technologies on our website. For detailed information about the types of cookies we use, how to manage them, and your options, please refer to our Cookie Policy.

10. International Data Transfers

Your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including the United States. When we transfer data internationally, we implement appropriate safeguards to protect your data, including Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on adequacy decisions where available. By using our website and providing your data, you acknowledge and consent to such transfers.

11. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures, including:

  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS). Sensitive data at rest is encrypted using industry-standard encryption
  • Access Controls: Personal data access is restricted to authorized personnel on a need-to-know basis, with role-based access controls and multi-factor authentication
  • Regular Audits: We conduct periodic security assessments and vulnerability testing to identify and remediate potential risks
  • Secure Payment Processing: Payment data is handled by PCI-DSS compliant third-party processors
  • Incident Response: We maintain an incident response plan to address data breaches promptly

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the GDPR. Where appropriate, we will also notify affected individuals without undue delay, providing details about the nature of the breach, the data affected, the likely consequences, and the measures we have taken or plan to take.

13. Children's Privacy

Our website and products are intended solely for individuals who are 21 years of age or older. We do not knowingly collect, solicit, or maintain personal data from anyone under the age of 21. If we become aware that we have collected personal data from a person under 21, we will delete that information promptly. If you believe we may have collected data from a minor, please contact us at support@researchvials.com.

14. Automated Decision-Making

We do not use your personal data for automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. If we implement such processes in the future, we will update this policy and provide you with meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing.

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice (such as an email notification or a prominent announcement on our website). We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

16. Contact & Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are located in the EEA or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your authority at https://edpb.europa.eu.