Legal
Privacy Policy
How we collect, use and protect your personal data, in line with UK GDPR.
Labrats ("we", "us", "our") is a brand operated by The Metavision Multimedia Limited, a company registered in England and Wales. This policy explains what personal data we collect when you visit labrats.uk, how we use it, who we share it with, and the rights you have under UK GDPR and the Data Protection Act 2018.
1. Who we are
The data controller is:
The Metavision Multimedia Limited Trading as: Labrats Website: labrats.uk Contact: contact@themetavision.co.uk
If you have any question about this policy or want to exercise your rights, email the address above and we will respond within 30 days.
2. What we collect
We collect different categories of personal data depending on how you use the site:
- Information you give us directly — your name, email address, postal address, billing address, telephone number (if provided) and any message content when you fill in a contact form, sign up to our newsletter, place an order, or comment on the site.
- Order and payment data — items purchased, order value, currency, billing/shipping addresses and partial card details (we never see or store your full card number; that is handled by Stripe).
- Account and login data — if we offer membership or accounts, your email, hashed password and account preferences.
- Technical data — IP address, browser type and version, device type, operating system, time zone, referring URL, pages viewed, session duration and similar diagnostic information collected by our hosting provider and analytics tools.
- Cookies and similar technologies — see our separate Cookie Policy for details.
We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.
3. Why we use it (legal bases)
We process personal data only where we have a lawful basis under UK GDPR Article 6:
- Contract — to take and fulfil orders, deliver products, process refunds and provide customer support.
- Legitimate interests — to keep the site secure, prevent fraud, analyse aggregate usage so we can improve the site, and respond to enquiries.
- Consent — for marketing emails, non-essential cookies and any optional personalisation. You can withdraw consent at any time.
- Legal obligation — for tax records, accounting, and complying with lawful requests from regulators or law enforcement.
4. Who we share it with
We use a small set of trusted processors. Each handles only the data needed to deliver its service and is bound by a written data-processing agreement.
- Stripe, Inc. — payment processing.
- Print-on-demand fulfilment partners — print-on-demand fulfilment and shipping of physical products.
- Netlify, Inc. — website hosting and serverless functions.
- Sanity.io — content management and image delivery.
- MailerLite — newsletter and marketing email delivery (only if you have subscribed).
- Web3Forms — secure handling of contact-form submissions.
- Google LLC — anonymised analytics (where enabled) and Google Workspace email.
- Resend — transactional email (order confirmations, shipping updates).
We do not sell your personal data to third parties. We may disclose data if required by law, court order or to protect our legal rights.
5. International transfers
Some of our processors are based outside the UK, primarily in the United States and the European Economic Area. Where data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Addendum, EU Standard Contractual Clauses or adequacy decisions made by the UK government.
6. How long we keep it
- Order data — six years from the end of the financial year in which the order was placed (UK tax law).
- Customer support correspondence — three years from the last contact.
- Newsletter subscribers — until you unsubscribe, after which we retain a suppression record so we do not contact you again.
- Server and analytics logs — typically 30 days, then aggregated or deleted.
We delete or anonymise personal data once the retention period expires.
7. Your rights
Under UK GDPR you have the right to:
- request access to the personal data we hold about you;
- ask us to correct inaccurate data;
- ask us to delete data we no longer need;
- object to or restrict processing in certain circumstances;
- request that we transfer your data to another provider (data portability);
- withdraw consent for marketing or optional cookies at any time;
- complain to the Information Commissioner's Office (ico.org.uk) if you believe we have mishandled your data.
To exercise any of these rights, email contact@themetavision.co.uk. We may need to verify your identity before responding.
8. Security
We use HTTPS across the site, store passwords using one-way hashing, restrict access to personal data on a need-to-know basis, and review our processors' security practices regularly. No system is perfectly secure, so we encourage you to use a unique password and keep your account credentials private.
9. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will always reflect the most recent change. Material changes will be flagged on the site or by email where appropriate.
10. Contact
Questions, requests or complaints about this policy:
The Metavision Multimedia Limited Email: contact@themetavision.co.uk