How we handle your data.

Zeruvmed Ltd (“Zeruvmed”, “we”, “us”) is a healthcare apparel house registered in England and Wales (Companies House n° 12345678). Our registered office is 123 Studio Street, London W1A 0BB, United Kingdom.

For the purposes of UK GDPR and the EU GDPR we are the data controller of any personal information you share with us through this site, our shops, our customer service, or our brand events.

Questions about this policy can be sent to [email protected]. We aim to reply within five working days.

We try to collect as little as the work allows. The categories below cover everything: account details (name, email, password hash), order details (billing and shipping addresses, items purchased, embroidery instructions), payment metadata (last four digits of card, issuer, country — never the full PAN, which is held only by our PCI-DSS payment processor).

We also receive technical data when you visit the site: IP address, device type, browser, and the pages you view. This is largely anonymous and is used to keep the site stable and to fight fraud.

If you sign up to our newsletter, write a review, or contact customer service, the contents of those messages are stored against your account so we can answer them properly.

We use your data to fulfil orders, process returns, send you transactional emails (order placed, dispatched, delivered, refunded), and — where you have opted in — to send you the newsletter and early access to new collections.

The legal bases we rely on are: contract (so we can ship what you bought), legitimate interest (so we can keep the site running and fight fraud), legal obligation (tax records, statutory invoices), and consent (marketing emails, non-essential cookies).

We do not sell your data, ever, and we do not use it to train third-party advertising models.

We share data only with the processors who help us run the house: our payment processor, our shipping partners (DHL, Royal Mail, TCS), our cloud infrastructure (hosted in EU and UK regions), our email service, and our customer-service platform.

Each of these is bound by a written data-processing agreement. They may only use your data to perform the service we have contracted them to perform, and they delete it when the contract ends.

We may also disclose data when compelled by law — a court order, an HMRC request, a regulatory investigation. We will tell you when we are legally permitted to do so.

We use a small set of first-party cookies to keep your cart, your wishlist, and your session intact. We use one analytics cookie to understand which pages are read.

The full list, with purpose and duration, lives on the cookies page. You can turn the non-essential ones off at any time.

Read the cookies policy →

We keep account data for as long as your account is open. If you delete your account we erase the personal fields within thirty days, but we retain order and tax records for seven years — this is required by HMRC and by UK company law.

Marketing data is kept until you unsubscribe, plus a short suppression list so we do not accidentally email you again.

Server logs are kept for ninety days, then rotated and destroyed.

Under UK GDPR and EU GDPR you have the right to: access the personal data we hold; correct it if it is wrong; erase it (subject to our retention obligations); restrict its processing; port it to another controller in a machine-readable format; and object to processing based on legitimate interest.

To exercise any of these rights, write to [email protected]. We will respond within thirty days.

You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, or to your local supervisory authority in the EU.

Our studio and our cloud sit in the UK and the EU. When data has to travel elsewhere — for example to a shipping partner in Pakistan, or a customer service tool with US infrastructure — we rely on the UK Addendum to the EU Standard Contractual Clauses, plus supplementary measures such as encryption in transit and at rest.

A copy of these clauses is available on request.

Our products are made for clinical professionals. We do not knowingly collect data from anyone under sixteen. If you believe a child has shared data with us, please contact us and we will delete it without delay.

Privacy enquiries: [email protected]

Postal address: Zeruvmed Ltd, 123 Studio Street, London W1A 0BB, United Kingdom.

For general questions, our customer service team is at [email protected].