Privacy Policy

1. Introduction & Who We Are

DSS Genetics ("we", "us", "our") operates the website dssgenetics.com. We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or place an order with us.

DSS Genetics is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, please contact us at the details provided in Section 11.

By accessing or using our website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of our website immediately.

2. Children's Privacy

Our website, products, and services are intended exclusively for individuals aged 18 years or older. We do not knowingly collect, use, or disclose personal data from anyone under the age of 18.

If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete such data from our systems. If you believe that a child under the age of 18 has provided personal information to us, please contact us immediately using the details in Section 11 so that we can take appropriate action.

3. What Data We Collect

We collect various types of information in connection with your use of our website and services. This includes:

Identity & Contact Data

Full name, billing and shipping address, email address, and telephone number. This information is collected when you create an account, place an order, or contact us directly.

Payment Information

Credit or debit card details, billing address, and transaction history. Please note that full card details are processed directly by our PCI-DSS compliant payment processors (Stripe). We do not store complete card numbers on our servers.

Technical & Browsing Data

IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform. We also collect information about how you use our website, including pages visited, search queries, click patterns, and session duration.

Communications Data

Any communications you send to us, including support requests, emails, and feedback. We retain these to resolve disputes, troubleshoot issues, and improve our services.

4. How We Use Your Data

We use the personal data we collect for the following purposes, each supported by an appropriate legal basis under the GDPR:

Order Processing & Fulfilment (Contractual Necessity)

To process and manage your orders, accept payment, arrange delivery, send order confirmations and dispatch notifications, and handle returns or refund requests.

Customer Communications (Contractual & Legitimate Interest)

To respond to your enquiries, provide customer support, send service-related notices (such as order updates), and communicate changes to our policies or product range.

Marketing Communications (Consent)

Where you have opted in, we may send you promotional emails about new strains, special offers, and growing guides. You may withdraw consent at any time by clicking "unsubscribe" in any marketing email or by contacting us directly.

Service Improvement (Legitimate Interest)

To analyse how visitors interact with our website, identify technical issues, and improve the overall user experience, product listings, and search functionality.

5. Data Storage & Security

Your data is stored on secure servers hosted within the European Economic Area (EEA). Where data is transferred outside the EEA — for example, to payment processors or analytics providers — we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These include SSL/TLS encryption for all data transmitted via our website, access controls limiting who within our organisation can access personal data, regular security audits and vulnerability assessments, and encrypted storage for sensitive account information.

While we take all reasonable steps to protect your information, no method of transmission over the internet is entirely secure. We cannot guarantee the absolute security of data transmitted to our website and any transmission is at your own risk.

6. Third-Party Sharing

We do not sell, trade, or rent your personal data to third parties for their own marketing purposes. We share your data only in the following circumstances:

Payment Processors

We use Stripe and other compliant payment processors to handle transactions securely. These processors receive only the data necessary to complete your payment. They operate under their own privacy policies and are bound by strict data processing agreements.

Shipping & Logistics Partners

Your name and delivery address are shared with our shipping carriers (such as Royal Mail, DPD, PostNL, and other regional carriers) solely for the purpose of fulfilling your order. Shipping partners are not permitted to use this data for any other purpose.

Analytics & Technology Providers

We may use services such as Google Analytics to understand website usage. These tools collect data in an anonymised or pseudonymised form where possible. We ensure appropriate data processing agreements are in place with all technology partners.

Social Media & Third-Party Platform APIs

We use official APIs provided by social media platforms — including Twitter/X, Pinterest, Instagram, and Reddit — to publish content, share product information, and engage with our community. When we use these APIs, we do so solely to manage our own brand accounts and do not collect, store, or process any personal data from users of those platforms. We do not access private messages, follower lists, or personal profiles of third-party users. All API usage complies with each platform's developer terms of service and data policies.

Legal Requirements

We may disclose your data where required to do so by law, or in response to valid requests by public authorities (e.g. a court order or government agency).

7. Cookies Policy

Our website uses cookies — small text files placed on your device — to enhance your browsing experience and enable essential functionality. The types of cookies we use include:

Strictly Necessary Cookies: These are required for the website to function and cannot be switched off. They include cookies that remember your shopping cart contents, maintain your login session, and process secure payments.

Performance & Analytics Cookies: These help us understand how visitors interact with our website by collecting anonymised information about page visits, time spent, and navigation paths. We use this to improve our website structure and content.

Functional Cookies: These enable enhanced functionality, such as remembering your preferences (language, currency, and region settings) so you don't need to re-enter them on each visit.

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website. For more information on cookies and how to manage them, visit allaboutcookies.org.

8. Your Rights Under GDPR

If you are located in the European Economic Area or the United Kingdom, you have the following rights in relation to your personal data:

Right of Access: You have the right to request a copy of the personal data we hold about you (a "Subject Access Request").

Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure ("Right to be Forgotten"): You may request that we delete your personal data where there is no compelling reason for us to continue processing it, subject to certain legal exceptions.

Right to Data Portability: Where processing is based on your consent or contract, you have the right to receive your data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller.

Right to Restrict Processing: You may request that we restrict the processing of your data in certain circumstances, for example while we verify the accuracy of data you have contested.

Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately.

To exercise any of these rights, please contact us using the details in Section 11. We will respond to all legitimate requests within one month. You also have the right to lodge a complaint with your national data protection supervisory authority.

9. Your Rights Under CCPA (California Residents)

If you are a resident of California, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you the following additional rights regarding your personal information:

Right to Know: You have the right to request that we disclose what personal information we have collected about you in the preceding 12 months, the categories of sources from which it was collected, our business purpose for collecting it, and the categories of third parties with whom we have shared it.

Right to Delete: You have the right to request that we delete any personal information we have collected from you, subject to certain exceptions permitted by law (such as data required to complete a transaction or comply with a legal obligation).

Right to Opt Out of Sale: DSS Genetics does not sell personal information to third parties within the meaning of the CCPA. We do not and will not sell your personal data.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised your privacy rights.

Do Not Track Disclosure: Our website does not currently respond to "Do Not Track" (DNT) browser signals. However, you can control tracking through your cookie preferences and browser settings as described in Section 7.

To exercise any of your CCPA rights, please contact us at privacy@dssgenetics.com or use the contact details in Section 11. We will verify your identity before processing your request and respond within 45 days as required by law.

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

Order-related data (including your name, address, and purchase history) is retained for a minimum of seven (7) years to comply with financial and tax record-keeping obligations. After this period, data is securely deleted or anonymised.

Marketing preferences and communication data are retained until you withdraw your consent or request erasure. Account data is retained for the duration your account is active. If you request account deletion, we will erase your personal data within 30 days, subject to any legal retention obligations.

Anonymised, aggregated data (such as analytics data with no identifying information) may be retained indefinitely for the purpose of improving our services.

11. Contact for Privacy Matters

If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, please contact our Data Privacy team:

Email: privacy@dssgenetics.com

Website: dssgenetics.com/contact

Response Time: We aim to respond to all privacy-related enquiries within 5 business days and to fulfil Subject Access Requests within 30 days as required by law.

If you are not satisfied with our response, you have the right to complain to the relevant data protection supervisory authority in your country of residence.