Skip to content

Free shipping over €150  |  Certificate of Analysis included  |  📞 +40 750 437 038  |  💬 Live Chat

CertaPeptides
Home/Privacy Policy

Privacy Policy

CertaPeptides is committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information in compliance with the EU General Data Protection Regulation (GDPR).

Last updated: March 2025|GDPR Compliant

1. Information We Collect

  • Personal Identification: Name, email address, phone number, shipping and billing address collected when you place an order or create an account.
  • Payment Data: Payment information is processed securely by PCI-DSS compliant third-party payment providers. We do not store your card or bank details on our servers.
  • Technical Data: IP address, browser type, device information, pages visited, time on site, and referring URL collected via essential and, where consented, analytics cookies.
  • Order Data: Purchase history, product preferences, and cart contents for the duration of your session.
  • Communication Records: Support emails, order inquiries, and customer service interactions.

2. How We Use Your Information

  • Order Fulfilment (Art. 6(1)(b) GDPR): Processing and shipping your orders, managing your account, and providing customer support.
  • Legitimate Interest (Art. 6(1)(f) GDPR): Fraud prevention, website security, and improving our products and services.
  • Consent (Art. 6(1)(a) GDPR): Analytics cookies, marketing communications, and personalised recommendations — only with your explicit opt-in.
  • Legal Obligation (Art. 6(1)(c) GDPR): Tax compliance, invoicing records, and regulatory documentation as required by EU law.
  • Anonymised Analytics: Generating anonymised, aggregated data to understand usage patterns and improve our website.

3. Data Sharing

  • Shipping Partners: Name and address shared with EU-based logistics providers solely for order fulfilment.
  • Payment Processors: Payment data processed by PCI-DSS Level 1 certified providers for secure transactions.
  • Analytics (if consented): Anonymised, aggregated usage data only. No personal identifiers are shared.
  • Legal Authorities: When required by applicable law or to prevent fraud.
  • We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Cookies

  • Essential Cookies: Required for cart functionality, session management, authentication, and security. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors use our site. Only set with your explicit consent.
  • Preference Cookies: Remember your settings such as language, currency, and theme preferences.
  • You can manage your cookie preferences at any time through the cookie settings panel or your browser settings.

5. Your Rights Under GDPR

  • Right of Access (Art. 15): Request a copy of all personal data we hold about you.
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17): Request deletion of your personal data ('right to be forgotten').
  • Right to Restrict Processing (Art. 18): Limit how we use your data in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests.
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent for analytics or marketing at any time via cookie settings.
  • To exercise any of these rights, contact us at support@certapeptides.com. We will respond within 30 days as required by GDPR.

6. Data Retention

  • Order & Transaction Data: Retained for 7 years to comply with EU tax and accounting regulations.
  • Marketing Consent Records: Maintained until you withdraw consent.
  • Account Data: Retained while your account is active, deleted upon request.
  • Browsing & Analytics Data: Anonymised or deleted after 26 months.
  • All data is stored on servers within the European Union and encrypted at rest and in transit.

7. Security

  • Encryption: SSL/TLS encryption on all pages and data transmissions. AES-256 encryption for data at rest.
  • Payment Security: All payments processed through PCI-DSS compliant providers.
  • Access Controls: Personal data access restricted to authorised personnel on a need-to-know basis.
  • Regular Audits: Security audits and vulnerability assessments conducted regularly.

8. Contact

  • Data Controller: CertaPeptides, Romania, European Union.
  • Email: support@certapeptides.com — include 'GDPR Request' in the subject line for data protection inquiries.
  • Supervisory Authority: If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local EU Data Protection Authority.

9. Updates to This Policy

  • We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
  • Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

Note: All CertaPeptides products are sold strictly for research and laboratory use only. They are not intended for human consumption. This privacy policy applies to all interactions with our website and services at certapeptides.com.

Want to update your cookie preferences?

Questions about your data?

support@certapeptides.com