Privacy Policy
Last updated: July 2026
1. Controller
Controller within the meaning of the General Data Protection Regulation (GDPR):
Nelvix OΓ, TornimΓ€e tn 5, 10145 Tallinn, Estonia
Registrikood: 17535113 Β· VAT: EE102999501
Email: alpenpeptides@gmail.com
2. General Information
Protecting your personal data is important to us. We process personal data solely in accordance with the GDPR, the Estonian Personal Data Protection Act and other applicable regulations.
3. Collection and Processing of Personal Data
3.1 Visiting the Website
When you access our website, your browser automatically transmits information to our server (server log files): IP address, date and time of the request, time zone difference, content of the request, HTTP status code, amount of data transmitted, referrer URL, browser, operating system and its interface, language and version of the browser software.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technically flawless presentation and security).
Retention period: 30 days.
3.2 Orders in the Shop
To process contracts, we collect: first and last name, company, billing and shipping address, email address, phone number (optional), payment data and VAT ID for business orders.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (tax and commercial retention obligations).
Retention period: 7 years pursuant to the Estonian Accounting Act.
3.3 Newsletter
For the newsletter, we process your email address using the double opt-in procedure. You may unsubscribe at any time via the unsubscribe link in every email or by contacting us.
Legal basis: Art. 6(1)(a) GDPR (consent).
3.4 Contact Requests
When you contact us by email, your details will be stored for processing your request and in case of follow-up questions.
Legal basis: Art. 6(1)(b) or (f) GDPR.
4. Disclosure to Third Parties and Service Providers
Your data is only disclosed to third parties where necessary for contract performance or required by law.
4.1 Payment Processing (Stripe)
Card payments, Apple Pay and Google Pay are processed via Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”). When you select a Stripe payment method, the data you entered during checkout (including name, address, email, payment data, IP address) is transmitted to Stripe. Legal basis: Art. 6(1)(b) GDPR (contract performance).
Stripe may transfer personal data to third countries outside the EU/EEA, in particular to the United States to its parent company Stripe, Inc. Such transfers are based on the EU Standard Contractual Clauses (Art. 46 GDPR) together with additional safeguards. More information: stripe.com/privacy.
4.2 Shipping Providers
For delivery of your order we transmit name and delivery address to the commissioned carrier (e.g. DHL, DPD, Austrian Post, Swiss Post). Legal basis: Art. 6(1)(b) GDPR.
4.3 Other Recipients
- Tax advisors and bookkeeping under statutory retention obligations (Art. 6(1)(c) GDPR)
- Hosting and technical service providers as data processors under Art. 28 GDPR
- Competent authorities where legally required
5. Cookies
We use exclusively strictly necessary cookies required to operate the shop (cart, session management, login status, language selection). These include cookies set by WooCommerce (e.g. woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_*) and Polylang for language switching.
Legal basis: Art. 6(1)(f) GDPR / Art. 5(3) ePrivacy Directive (strictly necessary cookies).
We do not use any analytics, tracking or marketing cookies. No data evaluation via Google Analytics, Meta Pixel, TikTok Pixel or similar services takes place. For details please refer to our Cookie Policy.
6. Your Rights
You have the right to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
- Withdrawal of consent (Art. 7(3) GDPR)
To exercise your rights, please contact alpenpeptides@gmail.com.
7. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority β in Estonia: Andmekaitse Inspektsioon (www.aki.ee) or the supervisory authority of your habitual residence.
8. Data Security
We use TLS/SSL encryption for data transmission. Payment data is transmitted exclusively encrypted to our payment service provider and is not stored by us.
9. Changes to this Privacy Policy
We reserve the right to adapt this privacy policy to reflect changes in the legal situation or changes to our services. The current version is always available on this page.