peptides_direct
BitcoinTether USDTEthereumSolana+ more5% Crypto DiscountSEPA bank transferSEPA

Legal // Privacy

Privacy Policy

Last updated: February 2026
01

Data Controller

The data controller is Toptimum Ltd, Griva Digeni 51, Athineon Court, Office 202, 8047 Paphos, Cyprus. Contact: info@peptidesdirect.io.

02

Data We Collect

We collect: (a) Account data - name, email address, password (hashed); (b) Order data - shipping/billing address, phone number, order history; (c) Payment data - payment method selected and transaction references (we do NOT store credit card numbers); (d) Technical data - IP address, browser type, device information, cookies; (e) Communication data - emails and contact form messages.

03

Purpose of Processing

We process your data to: fulfil orders and deliver products; process payments; communicate about your orders; provide customer support; comply with legal obligations (tax, accounting); improve our website and services; send order-related notifications.

05

Data Sharing

We only share data with: payment service providers (MoneyEU and Loxworth International Limited / CircoFlows for card payments, NOWPayments for crypto payments); shipping service providers (DHL, for delivery); email service providers (Resend, for transactional emails); SMS service providers (Twilio Ireland Limited, for transactional SMS payment reminders); hosting providers (for operating the website). All processors are contractually obligated to comply with the GDPR. We do NOT sell personal data to third parties.

06

Data Retention

Account data is kept until you delete your account. Order data is retained for 10 years (legal requirement for tax/accounting). Technical logs are deleted after 90 days. Marketing consent records are kept for the duration of consent.

07

Your Rights (GDPR)

You have the right to: access your personal data (Art. 15); rectify inaccurate data (Art. 16); erase your data (Art. 17, "right to be forgotten"); restrict processing (Art. 18); data portability (Art. 20); object to processing (Art. 21); withdraw consent at any time (Art. 7(3)). To exercise these rights, email info@peptidesdirect.io. We respond within 30 days.

08

Cookies

We use essential cookies for: session management, shopping cart persistence, authentication, language preference. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect website functionality.

09

Data Security

We implement appropriate technical and organizational measures: encrypted data transmission (HTTPS/TLS); secure password hashing; access controls and authentication; regular security reviews. Despite our measures, no internet transmission is 100% secure.

10

Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence. The competent authority in Cyprus is the Commissioner for Personal Data Protection (www.dataprotection.gov.cy).