Privacy Policy

PeptidePoint respects your privacy. This policy explains what data we collect, why, and how we protect it.

1. Data Controller

PeptidePoint, registered in the Netherlands (KvK: [number]), is the controller of your personal data.

2. What We Collect

• Order data: name, email, shipping address — to fulfill your order.
• Payment data: processed by Mollie (our payment provider). We never see or store your card details.
• Analytics: anonymous usage data via Plausible Analytics (cookieless, GDPR-compliant, no personal data collected).

3. Legal Basis (GDPR Art. 6)

• Contract performance: processing your order requires your name, email, and address.
• Legal obligation: Dutch tax law requires us to retain financial records for 7 years.
• Legitimate interest: fraud prevention and security.

4. Data Retention

We retain your personal data for the minimum period necessary:

• Order details (name, address): deleted 12 months after order completion.
• Financial records (invoices, amounts): retained 7 years per Dutch fiscal law.
• Account data: retained until you delete your account.

5. Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data ("right to be forgotten")
• Export your data (portability)
• Object to processing

Contact us at privacy@peptidepoint.nl to exercise these rights.

6. Third Parties

• Mollie — payment processing (their privacy policy)
• PostNL — shipping (they receive your name and address)
• Railway — hosting (EU region, data stays in EU)
• Plausible — analytics (no personal data, EU-hosted)

7. Cookies

We do not use tracking cookies. We use only essential cookies required for cart functionality. No cookie consent banner is needed.

8. Contact

For privacy inquiries: privacy@peptidepoint.nl
Dutch Data Protection Authority (AP): autoriteitpersoonsgegevens.nl

Last updated: March 2026