Privacy Policy
Introduction
Peptide.ST ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and Dutch data protection law.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have regarding your data when you visit peptide.st or place an order with us.
By using our website, you acknowledge that you have read and understood this Privacy Policy. We may update this policy from time to time, the "Last updated" date at the top of this page always reflects the most current version.
Data We Collect
We collect personal data only when it is necessary to provide our services. The categories of data we may collect include:
- Identity data: Full name, company or institution name
- Contact data: Email address, phone number, billing and shipping address
- Transaction data: Order history, payment method type (we do not store full card details), and invoices
- Technical data: IP address, browser type, device information, operating system, and pages visited
- Usage data: How you interact with our website, time spent on pages, and referring URLs
- Communication data: Messages sent via our contact form or support email
- Marketing preferences: Your opt-in or opt-out status for newsletters and promotional emails
We do not collect sensitive personal data (such as health, biometric, or financial account data) beyond what is strictly required to process your order.
How We Use Your Data
We use your personal data solely for the purposes for which it was collected. These purposes include:
- Processing and fulfilling your orders, including shipping and invoicing
- Communicating with you about your order status, refunds, or support inquiries
- Sending newsletters and product updates (only with your explicit consent)
- Improving our website, product listings, and user experience through analytics
- Complying with legal obligations, such as tax record-keeping and fraud prevention
- Verifying buyer eligibility for research peptide purchases
We will never sell, rent, or trade your personal data to third parties for their own marketing purposes.
Legal Basis (GDPR)
Under the GDPR, we rely on the following lawful bases to process your personal data:
- Contractual necessity: Processing required to fulfill your order or respond to your inquiry
- Legal obligation: Processing required to comply with Dutch and EU law (e.g. tax, customs)
- Legitimate interests: Analytics and fraud prevention, where your rights do not override our interest
- Consent: Marketing communications and optional cookies, you may withdraw consent at any time
Where we rely on consent, you have the right to withdraw it at any time by contacting us or updating your preferences. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.
Data Sharing
We may share your personal data with trusted third-party service providers who assist us in running our business, always under strict data processing agreements. These include:
- Payment processors: To handle transactions securely (e.g. Stripe, Mollie)
- Shipping carriers: To dispatch and track your order
- Email service providers: To deliver order confirmations and newsletters
- Analytics providers: To understand website usage in an aggregated, anonymized form
- Legal or regulatory authorities: Where required by applicable law or court order
All third-party processors are contractually required to handle your data securely, only for the specified purposes, and in compliance with the GDPR.
Cookies & Tracking
We use cookies and similar tracking technologies to enhance your browsing experience and gather analytics. The types of cookies we use include:
- Strictly necessary cookies: Required for the website to function (e.g. session, cart, security)
- Analytics cookies: Help us understand how visitors use our site (anonymized data)
- Preference cookies: Remember your settings and choices for a better experience
- Marketing cookies: Used only with your explicit consent to deliver relevant content
You can manage or disable non-essential cookies at any time through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect website functionality.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes it was collected for, or as required by applicable law. Our general retention periods are:
- Order & transaction data: 7 years (Dutch tax law requirement)
- Account & contact data: Duration of the customer relationship + 2 years
- Marketing data: Until you withdraw consent or unsubscribe
- Technical & analytics data: Up to 26 months, then anonymized or deleted
- Support communications: 3 years from last contact
After the applicable retention period, your data is securely deleted or anonymized.
Your Rights
Under the GDPR, you have the following rights with respect to your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention obligations
- Right to restriction: Request that we limit the processing of your data in certain circumstances
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: Withdraw consent for consent-based processing at any time
To exercise any of these rights, please contact us using the details in Section 12. We will respond to your request within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
Data Security
We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
These measures include SSL/TLS encryption for all data in transit, secure server infrastructure, access controls limited to authorized personnel only, and regular security reviews. Our payment processing is handled by PCI-DSS compliant third-party providers, we never store full payment card details on our systems.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with GDPR Article 33 and 34.
International Transfers
Peptide.ST is based in the Netherlands and primarily processes data within the European Economic Area (EEA). Where we use service providers located outside the EEA (such as certain analytics or email platforms), we ensure appropriate safeguards are in place, including:
- European Commission Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding Corporate Rules (BCRs) where applicable
You may request details of the safeguards in place for any specific international transfer by contacting us.
Minors
Our website and products are strictly intended for individuals aged 18 and over. We do not knowingly collect or process personal data from persons under the age of 18.
If we become aware that personal data from a minor has been submitted to us without verified parental consent, we will promptly delete that data. If you believe a minor has provided us with personal data, please contact us immediately.
Contact & DPO
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
- Website: peptide.st/contact
- Registered in the Netherlands
- Last updated: June 1, 2026
We are committed to resolving any privacy concerns promptly. If you are not satisfied with our response, you have the right to escalate your complaint to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).