Privacy Policy
Last updated: May 2026
Legal notice: This Privacy Policy is drafted for UK GDPR compliance. Items marked with ** require completion by NexGen Research before this page goes live. Review by a UK-qualified solicitor is recommended prior to publication.
1. Who we are
NexGen Research is a UK-based supplier of premium research-grade peptides and compounds, supplying qualified scientific professionals, research institutions, and independent laboratories worldwide.
- Data controller: NexGen Research Ltd
- Trading name: NexGen Research
- Website: nexgenresearch.com
- Registered address: **[TO BE CONFIRMED BY CLIENT]
- Company registration number: **[TO BE CONFIRMED BY CLIENT]
- ICO registration number: **[TO BE CONFIRMED BY CLIENT - register at ico.org.uk before going live]
- Data protection contact: privacy@nexgenresearch.com
2. What this policy covers
This Privacy Policy explains how NexGen Research collects, uses, stores, shares, and protects your personal data when you:
- Visit our website at nexgenresearch.com
- Create an account or place an order on our site
- Subscribe to our Research Intelligence newsletter
- Contact us by email, form, or any other means
- Interact with us on social media
This policy applies to all personal data we process about you as a website visitor, customer, or subscriber. It does not apply to data we process about our employees or contractors, which is covered by separate internal policies.
3. The personal data we collect
3.1 Data you provide directly to us
When you register, place an order, or contact us, we collect:
- Full name
- Email address
- Delivery address and billing address
- Phone number (if provided)
- Professional or institutional affiliation (if provided)
- Researcher confirmation status (recorded at checkout)
- Payment card details (processed by Stripe - we do not store full card numbers on our servers)
- Order history and transaction records
- Communications you send to us including support enquiries
- Newsletter subscription preferences
- Account login credentials (passwords are stored in encrypted form only and are never visible to us)
3.2 Data we collect automatically
When you visit our website we automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and time spent on each page
- Referring URL (the website that brought you to ours)
- Cookie data (see Section 9 for full details)
- Session duration and clickstream data
3.3 Data we receive from third parties
We may receive limited data about you from:
- Stripe - transaction confirmation and fraud prevention signals
- Our email marketing platform - delivery and engagement data
- Google Analytics 4 - aggregated, anonymised website traffic data
- Social media platforms if you interact with our NexGen Research pages
We do not purchase marketing lists or obtain personal data from data brokers.
4. How we use your personal data
4.1 To fulfil your order
We process your name, address, email, and payment information to process and confirm your order, arrange cold-chain shipping and delivery to your specified address, send your order confirmation, dispatch notification, and invoice, provide your batch-specific Certificate of Analysis and documentation, and handle any returns, refunds, or order disputes.
Lawful basis: Performance of a contract (UK GDPR Article 6(1)(b)).
4.2 To operate our website and account system
We process your login credentials and account data to maintain your NexGen Research account and order history, allow you to access your COA library and previous orders, and keep your account secure from unauthorised access.
Lawful basis: Performance of a contract (UK GDPR Article 6(1)(b)) and legitimate interests (Article 6(1)(f)).
4.3 To send you marketing communications
If you have opted in, we send you our Research Intelligence newsletter, updates about new compounds added to our catalogue, and research protocol guides and compound spotlights.
Lawful basis: Consent (UK GDPR Article 6(1)(a)). You may withdraw your consent at any time by clicking unsubscribe in any email or by contacting us at privacy@nexgenresearch.com. We will never sell your email address or personal data to third parties for their marketing purposes.
4.4 To comply with our legal obligations
We retain certain records to comply with HMRC requirements for financial records (minimum 6 years), UK consumer contract regulations, and ICO data protection obligations.
Lawful basis: Legal obligation (UK GDPR Article 6(1)(c)).
4.5 To protect our legitimate business interests
We process data to prevent fraud and verify researcher status at checkout, monitor website security and prevent unauthorised access, analyse website performance and improve the user experience on nexgenresearch.com, and resolve disputes and enforce our Terms and Conditions.
Lawful basis: Legitimate interests (UK GDPR Article 6(1)(f)). We have assessed that our legitimate interests do not override your rights and freedoms.
5. Researcher confirmation and lawful basis
NexGen Research supplies compounds strictly for legitimate laboratory research use. At checkout, we require you to confirm your status as a qualified researcher by ticking a mandatory checkbox. This confirmation is recorded against your order as part of our compliance obligations.
We process this confirmation data under our legitimate interests in ensuring our products are supplied only for lawful research purposes and in protecting our business from regulatory risk. This confirmation does not constitute verification of your professional credentials. You are solely responsible for the accuracy of your confirmation and for ensuring your use of any NexGen Research compound complies with all applicable laws in your jurisdiction.
6. Who we share your data with
We do not sell your personal data. We share it only in the following circumstances.
6.1 Service providers (data processors)
We share data with trusted third-party processors who act strictly on our instructions:
- Stripe - payment processing. Your payment card data is processed directly by Stripe under their own privacy policy at stripe.com/privacy. We receive only a payment confirmation token and never store full card numbers.
- Hostinger - website hosting and server-side data storage
- Google - Google Analytics 4 and Google Search Console for aggregated, anonymised website analytics
- Cloudflare - website performance optimisation, security, WAF protection, and DDoS mitigation
- Proton Mail - secure operational email for research@nexgenresearch.com and privacy@nexgenresearch.com
- **[EMAIL MARKETING PLATFORM - Mailchimp or Klaviyo, to be confirmed by client] - Research Intelligence newsletter delivery and transactional order emails
- **[COLD-CHAIN LOGISTICS PARTNER - to be confirmed by client] - your delivery name and address are shared with our cold-chain shipping partner solely to fulfil your order
All processors are required to handle your data in accordance with UK GDPR under a signed Data Processing Agreement. Where processors are based outside the UK, appropriate transfer safeguards are in place as detailed in Section 7.
6.2 Legal and regulatory disclosure
We may disclose your personal data if required by a court order, legal process, binding regulatory requirement, the Information Commissioner’s Office (ICO), or law enforcement agencies in connection with the prevention or detection of crime. We will seek legal advice before making any disclosure not required by a binding legal obligation.
6.3 Business transfers
In the event of a merger, acquisition, or sale of all or part of NexGen Research, your personal data may be transferred to the new owner. We will notify you of any such transfer and your rights in relation to it before the transfer takes place.
7. International data transfers
Some of our service providers are based outside the United Kingdom. Where we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place including UK International Data Transfer Agreements (IDTAs) and standard contractual clauses approved by the ICO.
- Google Analytics (USA): Google LLC participates in the EU-US Data Privacy Framework and provides appropriate transfer safeguards under its Data Processing Terms.
- Stripe (USA): Stripe processes payments under appropriate transfer mechanisms including standard contractual clauses.
- Cloudflare (USA/Global): Cloudflare operates a global network and processes data under appropriate contractual safeguards.
- Proton Mail (Switzerland): Switzerland holds UK adequacy status. Proton Mail is subject to Swiss Federal Data Protection Act standards.
You are entitled to request details of the specific transfer safeguards we rely on for any processor. Contact us at privacy@nexgenresearch.com.
8. How long we keep your data
- Order records and transaction data: 7 years (HMRC financial record-keeping requirement)
- Account data: For the duration of your account plus 2 years following account closure
- Marketing and newsletter data: Until you withdraw consent, or 2 years of inactivity, whichever is sooner
- Website analytics data: 26 months (Google Analytics 4 default retention setting)
- Security and fraud prevention logs: 12 months
- Researcher confirmation records: 7 years, in line with order records
- Customer support communications: 3 years from the date of last contact
Where we are required by law to retain data for a longer period, we will do so. Where data is no longer needed it is securely deleted or permanently anonymised.
9. Cookies
Our website uses cookies and similar tracking technologies. A cookie is a small text file placed on your device when you visit a website.
Essential cookies
Strictly necessary for nexgenresearch.com to function. Set in response to actions you take such as logging in, adding items to your cart, completing checkout, or setting cookie preferences. These do not require your consent under PECR.
Analytics cookies
We use Google Analytics 4 to understand how visitors interact with our website. This data is aggregated and anonymised and helps us improve the site. These cookies require your consent and are only activated after you accept them via our cookie consent banner.
Marketing cookies
We may use marketing cookies to show relevant NexGen Research content on other platforms. These require your consent and are only activated after you accept them via our cookie consent banner.
Managing your cookie preferences
When you first visit nexgenresearch.com you will be shown a cookie consent banner powered by Complianz. You can accept all cookies, reject non-essential cookies, or customise your preferences by category. You can update your preferences at any time via the cookie settings link in the footer of our website. Non-essential cookies are not loaded until you provide your consent, in compliance with UK GDPR and the Privacy and Electronic Communications Regulations (PECR).
10. Your rights under UK GDPR
Under UK GDPR you have the following rights in relation to your personal data held by NexGen Research:
- Right of access - Request a copy of the personal data we hold about you. We will respond within one calendar month. We may ask you to verify your identity first.
- Right to rectification - Ask us to correct any inaccurate or incomplete data. You can update most account information directly from your NexGen Research account settings.
- Right to erasure - Ask us to delete your personal data in certain circumstances. This right is not absolute and does not apply where we are required by law to retain data, for example HMRC financial records.
- Right to restrict processing - Ask us to restrict processing of your data in certain circumstances, for example while we investigate a dispute about accuracy.
- Right to data portability - Where we process your data on the basis of consent or contract, receive your data in a structured, machine-readable format and have it transferred to another controller where technically feasible.
- Right to object - Object to processing where we rely on legitimate interests. You have an absolute right to object to processing for direct marketing purposes at any time.
- Right not to be subject to automated decisions - We do not make solely automated decisions that produce legal or significant effects about you.
To exercise any of your rights, contact us at privacy@nexgenresearch.com or by post to our registered address above.
We will respond within one calendar month. We may extend this by a further two months for complex or multiple requests, in which case we will notify you within the first month. We will not charge a fee unless a request is manifestly unfounded or excessive.
11. Right to complain to the ICO
If you believe NexGen Research has not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would ask that you contact us at privacy@nexgenresearch.com in the first instance to give us the opportunity to address your concerns before escalating to the ICO.
12. Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures including:
- SSL/TLS encryption on all data transmission - HTTPS enforced site-wide on nexgenresearch.com
- Encrypted password storage - passwords are hashed and never stored in plain text
- Two-factor authentication on all NexGen Research administrative systems
- Cloudflare Web Application Firewall (WAF) and enterprise-grade DDoS protection
- Wordfence security plugin with active firewall and malware scanning
- Regular automated encrypted backups stored off-server via UpdraftPlus
- Restricted access to personal data on a strict need-to-know basis
- Regular security audits and patch management
- CAPTCHA protection on all forms including checkout, login, and contact
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and notify you without undue delay where required by UK GDPR Article 34.
13. Children
NexGen Research and its services are intended exclusively for adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected data about a minor, please contact us immediately at privacy@nexgenresearch.com and we will delete it promptly.
14. Links to third-party websites
nexgenresearch.com may contain links to third-party websites including social media platforms, logistics providers, and payment processors. Once you leave our website this Privacy Policy no longer applies. We encourage you to read the privacy policies of any third-party websites you visit. We are not responsible for the privacy practices of third parties.
15. Changes to this Privacy Policy
We review and update this Privacy Policy periodically. Where we make material changes we will notify you by email if you have a NexGen Research account, and display a prominent notice on our website. The date at the top of this document indicates when it was last updated. We recommend you check this page periodically. Your continued use of nexgenresearch.com after any changes constitutes acceptance of the updated policy.
16. Contact us
For any questions about this Privacy Policy, how we handle your personal data, or to exercise your rights:
- Company name: NexGen Research Ltd
- Trading as: NexGen Research
- Website: nexgenresearch.com
- Email: privacy@nexgenresearch.com
- Research enquiries: research@nexgenresearch.com
- Registered address: **[TO BE CONFIRMED BY CLIENT]
- ICO registration number: **[TO BE CONFIRMED BY CLIENT]
For laboratory research use only. Not for human consumption. Not intended to diagnose, treat, cure, or prevent any disease. NexGen Research Ltd - nexgenresearch.com