1. Controller

Neopeps LLC is a limited liability company registered in the State of Wyoming, United States, and acts as the data controller within the meaning of Article 4(7) GDPR, where applicable.

Neopeps LLC
30 N Gould St Ste N
Sheridan, Sheridan County, WY 82801
United States
Email: info@neopeps.net
Website: https://neopeps.net

2. Scope of this Privacy Policy

This Privacy Policy explains how Neopeps LLC collects, uses, stores, and protects personal data in connection with the use of our website, our business communications, and the processing of orders.

This Privacy Policy applies to website visitors, business customers, and individuals acting on behalf of business customers, including company representatives, employees, authorized buyers, and contact persons.

Where personal data of individuals located within the European Union or European Economic Area is processed, such processing is governed by the GDPR where applicable.

3. Nature of Business

Neopeps LLC operates as a B2B supplier of research peptides. We do not sell to private consumers. However, in the course of our business operations, we may process personal data of individuals acting on behalf of business customers, such as business owners, company representatives, employees, or authorized contact persons.

4. Categories of Personal Data We Process

We may process the following categories of personal data:

• Company name
• Contact person name
• Business email address
• Business phone number, if provided
• Billing and shipping address
• VAT or tax information, if applicable
• Order details and payment-related information
• Communication data, including emails and inquiries
• IP address, browser and device information
• Website usage data and technical access data

We do not intentionally collect special categories of personal data within the meaning of Article 9 GDPR.

5. Purposes and Legal Bases of Processing

a) Website operation and technical security
We process technical data to operate our website securely and prevent misuse. Legal basis: Art. 6(1)(f) GDPR — legitimate interest.

b) Business communication
We process data you provide to respond to inquiries. Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR.

c) Order processing
We process contact, billing, shipping, and order data to fulfill orders. Legal basis: Art. 6(1)(b) GDPR.

d) Payment processing
We accept bank wire transfer and cryptocurrency (via NOWPayments). Legal basis: Art. 6(1)(b) GDPR.

e) Invoicing, accounting, and legal obligations
We process billing and tax data to comply with legal retention obligations. Legal basis: Art. 6(1)(c) GDPR.

f) Shipping and fulfillment
We share shipping data with logistics partners to dispatch orders. Legal basis: Art. 6(1)(b) GDPR.

g) Fraud prevention and misuse detection
We may process order and technical data to detect fraud. Legal basis: Art. 6(1)(f) GDPR.

6. Website Hosting and Server Logs

Our website is hosted by external hosting providers. When you visit, certain technical data may be automatically processed including IP address, date and time of access, browser type, operating system, referrer URL, and error logs.

This data is processed to ensure website functionality, stability, and security. Legal basis: Art. 6(1)(f) GDPR.

7. WooCommerce and Online Orders

Our website uses WooCommerce to manage product listings, order forms, checkout processes, customer accounts, and order administration.

When an order is placed, the personal data required for processing is collected and stored, including business contact details, billing/shipping details, order details, payment status, and related communication. Legal basis: Art. 6(1)(b) GDPR.

8. Cookies and Similar Technologies

Our website uses cookies and similar technologies. Essential cookies are used for core functionality such as security, shopping cart, checkout, and session management. Legal basis: Art. 6(1)(f) GDPR.

Where non-essential or analytics cookies are used, they are only used where legally permitted or where consent has been obtained. Users may manage or disable cookies through their browser settings.

9. Jetpack

We may use Jetpack (Automattic Inc.) for website security, performance monitoring, downtime monitoring, and basic statistics. Jetpack may process technical data such as IP addresses, browser info, pages visited, and referrer data.

Data may be transferred to the United States. Legal basis: Art. 6(1)(f) GDPR. Where required, Jetpack features are only used with necessary consent.

10. Email Communication

If you contact us by email, we process your email address, name, company details, message content, and any additional information you provide — solely for handling your request and maintaining business correspondence. Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR.

11. Data Sharing and Recipients

We only share personal data where necessary for operations, fulfillment, legal compliance, or protection of legitimate interests. Recipients may include:

• Hosting and IT service providers
• WooCommerce-related service providers
• Cryptocurrency payment processor (NOWPayments)
• Logistics and fulfillment partners / shipping carriers
• Email service providers
• Accounting, tax, and legal advisors
• Authorities, courts, or public bodies where legally required

Personal data is not sold to third parties.

12. Fulfillment and Logistics Partners

Shipping and fulfillment may be handled by logistics partners within the European Union. We share only the data necessary to deliver an order, including recipient name, company name, shipping address, contact details, and order details. Legal basis: Art. 6(1)(b) GDPR.

13. International Data Transfers

Neopeps LLC is established in the United States. Personal data may be transferred to and processed in the United States. Some service providers may also be located outside the EU/EEA.

Where personal data is transferred outside the EU/EEA, we take appropriate measures such as Standard Contractual Clauses or other legally recognized transfer mechanisms to ensure compliance with applicable data protection laws.

14. Data Retention

We retain personal data only as long as necessary for the purposes collected, or as required by legal, tax, accounting, or contractual obligations. Technical log files are retained only for a limited period. Once personal data is no longer required, it will be deleted or anonymized where reasonably possible.

15. Data Security

We take appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure — including secure hosting, access restrictions, encrypted connections, and internal access controls.

However, no method of transmission over the internet is completely secure. We cannot guarantee absolute security.

16. Your Rights Under GDPR

If the GDPR applies to the processing of your personal data, you have the following rights:

• Right of access — Art. 15 GDPR
• Right to rectification — Art. 16 GDPR
• Right to erasure — Art. 17 GDPR
• Right to restriction of processing — Art. 18 GDPR
• Right to data portability — Art. 20 GDPR
• Right to object — Art. 21 GDPR
• Right to withdraw consent at any time
• Right to lodge a complaint with a competent supervisory authority

To exercise your rights, contact us at: info@neopeps.net

17. Right to Object

Where personal data is processed based on legitimate interests under Art. 6(1)(f) GDPR, you have the right to object at any time on grounds relating to your particular situation. If you object, we will no longer process the data unless we can demonstrate compelling legitimate grounds, or unless processing is necessary for legal claims.

18. Withdrawal of Consent

Where processing is based on consent, you have the right to withdraw it at any time. The withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

19. Requirement to Provide Personal Data

Certain personal data is required to process orders, communicate with business customers, issue invoices, fulfill shipping, and comply with legal obligations. If required data is not provided, we may not be able to process an order or provide services.

20. Automated Decision-Making and Profiling

We do not use personal data for automated decision-making or profiling within the meaning of Article 22 GDPR.

21. No Sale of Personal Data

We do not sell personal data to third parties.

22. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, technical developments, or our business operations. The current version will always be available on this page.