Privacy policy

PRIVACY POLICY – ENDURANCE LAB SHOP

Last updated: 21/11/2025

1. Overview

Briteshopper Limited (“we”, “us”, “our”) operates Endurance Lab at Endurancelab.ie (the “Website”). We take your privacy seriously and process personal data in line with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018. Citizens Information+2Irish Statute Book+2

You can browse our Website without creating an account. However, to purchase products, receive support, or subscribe to marketing, we must process certain personal data.

Online data transmission can never be guaranteed 100% secure, but we use appropriate technical and organisational safeguards to protect your data.

2. Data Controller

Briteshopper Limited
Company No.: 688996 (Ireland)
VAT No.: IE3744989NH
Trading as: Endurance Lab
Registered Office: 6 Melita Ashgrove, Kill Avenue, Dun Laoghaire A96VX46
Email:  info@endurancelab.ie
Customer support: info@endurancelab.ie

Briteshopper Limited is the data controller for personal data processed via this Website.

3. Key Definitions

  • Personal data: any information relating to an identified or identifiable person.

  • Processing: anything done with personal data (collecting, storing, using, sharing, deleting).

  • Controller: the entity deciding why/how data is processed.

  • Processor: a third party processing data on behalf of the controller (e.g., Shopify).

  • Consent: freely given, specific, informed, and unambiguous permission.

4. What Personal Data We Collect

We collect data in the following ways:

4.1 Data you provide directly

When you place an order, create an account, contact support, or subscribe:

  • Name

  • Billing and delivery address

  • Email address

  • Phone number

  • Order details and history

  • Messages/content you send to support

  • Marketing preferences/consents

4.2 Data collected automatically

When you browse the Website:

  • IP address

  • Device and browser type/version

  • Operating system

  • Referrer URL

  • Pages visited and time spent

  • Cookie identifiers and site behaviour data

4.3 Payment data

Payments are handled by secure third-party processors (e.g., Shopify Payments, PayPal, Stripe). We do not store full card details. We receive confirmation of payment and limited transaction metadata. Shopify operates as our processor for store and checkout data. Shopify+1

5. Why We Use Your Data (Purposes)

We process personal data to:

  1. Fulfil orders – process checkout, ship goods, send order confirmations and refunds.

  2. Provide customer support – answer questions, handle complaints, manage returns.

  3. Run and improve the Website – detect bugs, prevent fraud, optimise UX.

  4. Marketing (only with consent where required) – email newsletters, product updates, offers.

  5. Legal/tax compliance – maintain records required under Irish/EU law.

6. Legal Bases for Processing

Under GDPR, we rely on:

  • Contract (Art. 6(1)(b)) – to process orders and deliver goods.

  • Legal obligation (Art. 6(1)(c)) – for tax, accounting, consumer law.

  • Legitimate interests (Art. 6(1)(f)) – fraud prevention, security, site improvement.

  • Consent (Art. 6(1)(a)) – email marketing, optional cookies/tracking.

Irish law sets the digital age of consent at 16. If you are under 16, a parent/guardian must provide consent for any consent-based processing (e.g., marketing). Citizens Information

7. Who We Share Your Data With

We only share data where necessary:

7.1 Service providers (processors)

  • Shopify – e-commerce platform, hosting, checkout, order management. Shopify Help Center+1

  • Payment processors – Shopify Payments/Stripe/PayPal/etc., to complete transactions.

  • Shipping and logistics partners – An Post, DPD, DHL, UPS, or similar carriers.

  • Email/CRM tools – e.g., Mailchimp for newsletter delivery and customer communication.

  • Analytics/ads platforms – e.g., Google Analytics, Google Ads conversion tracking, Meta Pixel.

These providers only process data under our instructions, or as separate controllers where applicable.

7.2 Legal disclosures

We may disclose personal data if required to comply with law, court order, or regulatory request.

8. International Transfers

Some providers (e.g., Shopify, Google, Meta, Mailchimp) may process data outside the EEA, including in the US. Where this occurs, we rely on lawful safeguards such as:

  • EU Standard Contractual Clauses (SCCs)

  • Adequacy decisions where applicable

  • Additional security measures when needed

9. Cookies & Tracking

We use cookies and similar technologies to run the shop, remember your cart, and (with consent) analyse traffic and improve ads.

Cookies may include:

  • Strictly necessary cookies (store function, security, checkout)

  • Performance/analytics cookies (site usage measurement)

  • Marketing cookies (ad personalisation, retargeting)

You can manage cookies through:

  • Our cookie banner/preferences tool

  • Your browser settings (blocking may reduce site functionality)

Shopify also sets essential cookies to enable store operation. Shopify Help Center+1

10. Marketing & Newsletters

If you opt in to marketing, we may send emails about products, offers, or educational content. You can unsubscribe anytime by:

  • Clicking “unsubscribe” in any email

  • Contacting info@endurancelab.ie

  • We do not sell your data to third parties.

11. Data Retention

We keep personal data only as long as needed:

  • Order and tax records: typically 6–7 years to meet Irish legal obligations.

  • Account data: until you delete your account or request erasure.

  • Marketing data: until you withdraw consent/unsubscribe.

  • Analytics logs: according to platform retention settings, then anonymised/deleted.

12. Your GDPR Rights

You have the right to:

  1. Access your data

  2. Rectify inaccurate data

  3. Erase data (where lawful)

  4. Restrict processing

  5. Data portability

  6. Object to processing (incl. direct marketing)

  7. Withdraw consent at any time

  8. Lodge a complaint with a supervisory authority

To exercise rights, email: info@endurancelab.ie

We may need to verify identity before responding.

Guidance on legal bases and rights is supported by Irish DPC resources. Homepage | Data Protection Commission+1

13. Supervisory Authority

If you’re not satisfied with our response, you may complain to:

Data Protection Commission (Ireland)
Website: dataprotection.ie
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

14. Third-Party Links

Our Website may contain links to third-party sites (brands, research, partners). We are not responsible for their privacy practices. Please read their policies separately.

15. Changes to This Policy

We may update this Privacy Policy to reflect legal or operational changes. The latest version will always be posted on the Website with an updated “Last updated” date.