Privacy Policy
Effective as of January 1, 2026. Last updated: March 2026. GDPR-compliant data protection for EU residents.
1. Introduction
Pepcore B.V. (KvK: 98680099) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information you provide when using our website and services. We comply with the EU General Data Protection Regulation (GDPR) and Dutch data protection laws.
2. What Data We Collect
We collect information you voluntarily provide: name, email address, phone number, shipping address, billing address, and payment information. We also collect technical data: IP address, browser type, pages visited, and time spent on site (via analytics). Cookies help us understand user behavior and improve our service.
3. How We Use Your Data
Your data is used to: process and fulfill orders, communicate with you about your purchase, provide customer support, send newsletters (with your consent), improve our website and services, and comply with legal obligations. We never use your data for marketing purposes without explicit opt-in consent.
4. Data Storage & Security
We use industry-standard encryption (SSL/TLS) to protect your data during transmission. Your data is stored on secure servers with restricted access. Payment information is processed by encrypted third-party payment providers (SEPA, NOWPayments, PayPal) and is not stored on our servers.
5. Data Retention
Order data is retained for 7 years to comply with Dutch tax and legal requirements. Customer contact data is retained for 2 years after your last interaction. You may request deletion of non-essential personal data at any time. Legally-mandated records are retained as required by law.
6. Third-Party Sharing
We do not sell or rent your personal data. We only share data with essential service providers: payment processors, shipping carriers, and cloud hosting providers. All third parties are contractually obligated to protect your data and comply with GDPR. We do not share data with non-EU entities without appropriate safeguards.
7. International Transfers
Pepcore operates in the Netherlands and primarily processes data within the EU. Any data transfers outside the EU are protected by Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) as required by GDPR.
8. Your Rights Under GDPR
You have the right to: access your personal data (data subject access request), correct inaccurate data, delete your data (right to be forgotten), restrict processing, receive your data in portable format (data portability), and object to processing. To exercise these rights, contact us at info@pepcore.net.
9. Cookies & Tracking
We use essential cookies to maintain your session and provide core functionality. We use optional analytics cookies (Google Analytics) to understand user behavior and improve our service. You can disable cookies in your browser settings, though this may limit functionality. We respect Do Not Track (DNT) signals and do not engage in tracking across third-party sites.
10. Children's Privacy
Our services are not intended for users under 18 years of age. We do not knowingly collect data from minors. If we discover a minor has provided data, we will promptly delete it.
11. Security Measures
We implement technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction. This includes firewalls, encryption, regular security audits, and staff training. However, no system is 100% secure, and we cannot guarantee absolute security.
12. Data Breaches
In the event of a confirmed data breach affecting personal data, we will notify affected individuals within 72 hours as required by GDPR, unless the risk is low. Our legal and privacy team will cooperate with relevant authorities.
13. Contact & Data Protection Officer
For privacy questions or to exercise your GDPR rights, contact us at info@pepcore.net. You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your rights have been violated.
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or prominent notice on our website. Continued use of our services after changes constitutes acceptance.