Privacy
Last updated: 2 February 2026
GRIND (“we,” “us,” or “our”) operates https://grindshop.cc (the “Site”), an e-commerce platform powered by WordPress and WooCommerce, offering SARMs and related products to customers in Europe and the United Kingdom. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) for the EU, the UK GDPR for the United Kingdom, and other applicable data protection laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our Site, make purchases, or interact with our services (e.g., via forms, carts, or accounts).
If you do not agree with this policy, please do not use our Site. By using the Site, you consent to the practices described here.
1. Who We Are
- Company Details: GRIND, located at , .
- Contact: Email: .
- Data Protection Officer (DPO): Our privacy team handles inquiries— please us email above to contact us.
2. Personal Data We Collect
We collect personal data necessary for our e-commerce operations and SARMs sales in Europe and the UK. Categories include:
- Identity and Contact Data: Name, email address, phone number, billing/shipping address (collected via WooCommerce checkout, WS Form submissions, or account registration).
- Financial Data: Payment details (processed securely via Mollie Payments; we do not store full card details).
- Transaction Data: Order history, purchase details, cart contents (via Modern Cart and CartFlows for abandoned cart recovery).
- Technical Data: IP address, browser type, device info, cookies, usage logs (e.g., via Google Analytics or Bricks Builder elements).
- Form Data: Information submitted via WS Form (e.g., contact forms, custom fields).
- Marketing Data: Preferences for emails, including cart abandonment reminders (opt-in via WS Form or checkout).
We minimize collection to what’s necessary. We do not process sensitive data (e.g., health) unless explicitly consented to via forms, as required by GDPR/UK GDPR Art. 9.
How We Collect It:
- Directly from you (e.g., checkout, WS Form submissions).
- Automatically (e.g., cookies for cart sessions or Google Analytics).
- From third parties (e.g., Mollie Payments for transaction confirmation).
3. How We Use Your Personal Data
We use data for legitimate business purposes. Examples:
| Purpose | Examples | Legal Basis (GDPR/UK GDPR) |
|---|---|---|
| Fulfill Orders & Services | Process payments (via Mollie), ship products, manage accounts (WooCommerce/CartFlows). | Contractual necessity (Art. 6(1)(b)). |
| Customer Support | Respond to queries via email/WS Form. | Legitimate interests (Art. 6(1)(f))—providing support. |
| Marketing | Send cart abandonment emails or newsletters (if consented; via CartFlows/Modern Cart). | Consent (Art. 6(1)(a))—easy withdrawal. |
| Site Improvement | Analyze usage (via Google Analytics); personalize via Meta Box fields. | Legitimate interests—enhancing user experience. |
| Security/Fraud Prevention | Detect suspicious activity in checkouts. | Legal obligation (Art. 6(1)(c)). |
| Compliance | Retain records for audits/taxes. | Legal obligation. |
No automated decision-making (e.g., profiling) occurs that produces legal effects.
4. Sharing Your Personal Data
We share data only as needed, with safeguards:
- Service Providers:
- Hostinger: Hosting provider (data storage).
- Mollie Payments: Payment processing.
- Google Analytics: Site usage tracking (anonymized where possible). They act as GDPR/UK GDPR-compliant processors under data processing agreements.
- Plugins & Tools: Data may flow to WooCommerce extensions (e.g., WS Form for form storage, CartFlows for cart recovery).
- Legal/Authorities: If required by law (e.g., tax authorities in EU/UK).
We do not sell data. See third-party policies: Hostinger Privacy Policy, Mollie Privacy Policy, Google Analytics Data Practices.
5. International Data Transfers
Some providers (e.g., Hostinger, Google Analytics) may transfer data outside the EEA or UK (e.g., to U.S. servers). We ensure compliance with GDPR/UK GDPR through:
- EU/UK Adequacy Decisions, or
- Standard Contractual Clauses (SCCs) per GDPR/UK GDPR Art. 46. Details available at .
6. Data Retention
We retain data for 7 years to comply with legal/financial obligations in the EU and UK (e.g., tax records, order history, WS Form submissions). Afterward, we securely delete or anonymize it. Marketing data is kept until consent withdrawal.
7. Your GDPR/UK GDPR Rights
You have rights over your data (GDPR/UK GDPR Art. 15-22). Email to exercise them (response within 1 month):
- Access: Request copies.
- Rectification: Correct inaccuracies.
- Erasure (“Right to Be Forgotten”): Delete data (except legal obligations).
- Restriction: Limit processing during disputes.
- Portability: Receive data in machine-readable format.
- Objection: Oppose processing (e.g., marketing emails).
- Withdraw Consent: Anytime (e.g., for cart abandonment emails), without affecting prior processing.
For complaints: Contact your local supervisory authority, e.g., CNIL in France for EU residents or ICO in the UK for UK residents.
8. Cookies and Tracking
Our Site uses cookies for functionality, analytics, and marketing, managed via [e.g., CookieYes plugin for consent banners]. See our [Cookie Policy] for details. You can manage via browser settings.
- Essential: Always on (e.g., cart sessions via Modern Cart).
- Analytics: Google Analytics (requires consent; up to 26 months).
- Marketing: Cart abandonment tracking (CartFlows; consent-based).
9. Children’s Privacy
Our Site is for users 18+ due to SARMs regulations in the EU and UK. We do not knowingly collect data from those under 18. Parents: Contact to delete any such data.
10. Data Security
We use technical measures (e.g., SSL encryption, Hostinger’s security, WooCommerce plugins) to protect data. No system is 100% secure—report breaches to .
11. Changes to This Policy
We may update this policy. Changes will be posted on the Site; significant updates emailed to registered users. Continued use = acceptance.
