1. Data Controllers

For all privacy-related questions, requests or complaints, please contact: info@peptiderevolution.eu.

2. Scope of this Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored and protected when you visit the E-shop, place an order, create a customer account, contact customer support, subscribe to marketing communications or otherwise interact with www.peptiderevolution.eu.

This Privacy Policy applies to consumers, customers, website visitors, business partners and other persons whose personal data may be processed in connection with the E-shop.

3. Key GDPR Terms

Term	Meaning
GDPR	Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data.
Personal data	Any information relating to an identified or identifiable natural person, such as name, address, e-mail, phone number, IP address, order details or payment information.
Processing	Any operation performed on personal data, including collection, storage, use, disclosure, erasure or restriction.
Controller	The person or company that determines why and how personal data is processed.
Processor	A person or company that processes personal data on behalf of the controller.
Consent	A freely given, specific, informed and unambiguous indication of agreement to the processing of personal data.

4. What Personal Data We Process

We may process the following categories of personal data:

• Identification data: name, surname, company name, billing details.
• Contact data: e-mail address, phone number, billing address, delivery address.
• Order data: ordered products, order number, order status, payment method, shipping method, invoice data.
• Payment data: payment status, transaction reference, payment provider confirmation. We do not store full card details.
• Delivery data: shipping address, carrier details, tracking number and delivery status.
• Customer support data: messages, requests, complaints, return requests and related communication.
• Account data: login e-mail, account settings, order history and saved checkout details.
• Technical data: IP address, browser type, device information, cookies, website logs and security logs.
• Marketing data: newsletter subscription, marketing preferences, discount code usage and campaign interaction, if applicable.

5. Purposes and Legal Bases of Processing

Purpose	Legal basis
Processing and fulfilling orders, including payment, delivery and customer communication.	Performance of a contract under Article 6(1)(b) GDPR.
Issuing invoices, accounting, tax records and compliance with legal obligations.	Legal obligation under Article 6(1)(c) GDPR.
Handling complaints, returns, withdrawal requests and warranty-related claims.	Performance of a contract and legal obligation under Article 6(1)(b) and 6(1)(c) GDPR.
Customer support and communication related to orders or inquiries.	Performance of a contract or legitimate interest under Article 6(1)(b) and 6(1)(f) GDPR.
Website security, fraud prevention, abuse prevention and protection of legal claims.	Legitimate interest under Article 6(1)(f) GDPR.
Sending newsletters and marketing communications to subscribed users.	Consent under Article 6(1)(a) GDPR or legitimate interest where permitted by law.
Analytics, website improvement and measurement of marketing performance.	Consent or legitimate interest, depending on the type of cookies and tracking used.
Direct marketing to existing customers for similar products or services, where legally permitted.	Legitimate interest under Article 6(1)(f) GDPR, unless consent is required by law.

6. WooCommerce, Checkout and Customer Account

The E-shop is operated using WordPress and WooCommerce. When you place an order or create an account, the E-shop stores the information necessary to process your order and maintain your customer account.

This may include your name, billing and delivery address, e-mail address, phone number, order history, selected payment method, selected shipping method and customer notes added during checkout.

If you create an account, you are responsible for keeping your login details confidential. You may request deletion of your account unless the controller is legally required to retain certain data, for example invoice or accounting records.

7. Payment Processing

Payments may be processed by third-party payment providers. These providers may process payment-related data necessary to authorize, confirm or settle the payment.

We do not store your full card number or full card security code on our servers. Card data is processed by the relevant payment provider according to its own security and compliance standards.

8. Delivery and Carriers

In order to deliver your order, we may provide necessary personal data to carriers, logistics partners and fulfilment partners. This usually includes your name, delivery address, phone number, e-mail address, order reference and shipment information.

The carrier may use this data to deliver the shipment, send tracking notifications and resolve delivery issues.

9. Marketing Communications

We may send marketing communications, newsletters, discount offers or product-related updates if you have subscribed to them or where such communication is legally permitted for existing customers.

You can unsubscribe at any time by using the unsubscribe link in the e-mail or by contacting us at info@peptiderevolution.eu.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

10. Cookies and Similar Technologies

The E-shop may use cookies and similar technologies to ensure proper website functionality, remember cart contents, improve user experience, measure website performance and support marketing activities.

Cookies may include:

• Essential cookies: necessary for cart, checkout, login, security and website functionality.
• Analytics cookies: used to understand how visitors use the website.
• Marketing cookies: used to measure advertising performance and personalize marketing, where applicable.

Where required by law, non-essential cookies are used only with your consent. You can manage or withdraw cookie consent through the cookie banner or your browser settings.

11. Processors and Third-Party Recipients

Personal data may be shared with trusted processors and third-party recipients only where necessary for the purposes described in this Privacy Policy.

These may include:

• hosting providers and server administrators,
• WordPress, WooCommerce, Elementor and related website service providers,
• payment providers and banks,
• shipping companies, carriers and logistics providers,
• accounting and invoicing service providers,
• customer support and communication tools,
• e-mail and newsletter service providers,
• analytics and advertising service providers,
• IT security, maintenance and development providers,
• legal, tax or accounting advisors,
• public authorities, courts or regulators where required by law.

Processors are required to process personal data only according to instructions and to protect personal data using appropriate technical and organizational measures.

12. International Data Transfers

Some personal data may be transferred to or accessed from countries outside the European Economic Area, including the United States of America, especially because the brand and website owner is Peptide Revolution LLC and because certain technology, analytics, payment, hosting or marketing service providers may be located outside the EEA.

Where personal data is transferred outside the EEA, appropriate safeguards are used where required, such as adequacy decisions, Standard Contractual Clauses, data processing agreements or other lawful transfer mechanisms.

13. Data Retention

Personal data is stored only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Data category	Typical retention period
Order and invoice data	For the period required by accounting, tax and commercial law.
Customer account data	For as long as the customer account exists, unless deletion is requested and no legal retention obligation applies.
Customer support communication	For the time necessary to resolve the request and protect legal claims.
Complaint and return data	For the time necessary to handle the claim and protect legal rights.
Marketing consent records	Until consent is withdrawn or for as long as necessary to prove lawful subscription.
Technical and security logs	For the time necessary for security, fraud prevention and troubleshooting.

After the retention period expires, personal data is deleted, anonymized or securely archived if required by law.

14. Security of Personal Data

We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, disclosure or destruction.

These measures may include access control, secure hosting, encrypted connections, password protection, limited employee or contractor access, security monitoring, backups and regular website maintenance.

No online system is completely risk-free. For this reason, you are also responsible for keeping your login credentials secure and for using secure devices and networks when accessing your customer account.

15. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making that would produce legal effects concerning you or similarly significantly affect you.

Basic marketing segmentation, such as grouping customers by purchase history or newsletter interaction, may be used to make communication more relevant, where legally permitted.

16. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

• Right of access: to obtain confirmation whether your personal data is processed and to receive a copy of it.
• Right to rectification: to request correction of inaccurate or incomplete personal data.
• Right to erasure: to request deletion of personal data where legal conditions are met.
• Right to restriction: to request restriction of processing in certain cases.
• Right to data portability: to receive personal data in a structured, commonly used and machine-readable format.
• Right to object: to object to processing based on legitimate interest, including direct marketing.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
• Right to lodge a complaint: to contact a competent supervisory authority.

You may exercise your rights by contacting us at info@peptiderevolution.eu.

We may need to verify your identity before processing your request.

17. Supervisory Authority

As the main e-shop operator and seller is established in Hungary, you may contact the Hungarian supervisory authority:

You may also have the right to contact the data protection authority in your EU country of residence, place of work or place of alleged infringement.

18. Providing Personal Data

Providing personal data is voluntary. However, certain personal data is necessary to place an order, process payment, issue an invoice, deliver goods or respond to your request.

If you do not provide the required personal data, we may be unable to process your order, deliver goods, create a customer account or respond to your inquiry.

19. Accuracy of Personal Data

You are responsible for ensuring that the personal data you provide is accurate, complete and up to date. If your data changes, please update your customer account or contact us.

20. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, especially due to changes in law, business operations, website functionality, service providers or data processing practices.

The current version of this Privacy Policy is always published on the E-shop.

21. Contact

For privacy-related questions, GDPR requests, complaints or withdrawal of consent, please contact:

This Privacy Policy is intended to provide transparent information about personal data processing in connection with the E-shop. It should be reviewed together with the General Terms and Conditions, Cookie Policy and any additional information shown during checkout or cookie consent.