Privacy Policy
Last updated: September 10, 2025
At Certified-Pep (“we,” “us,” “our”), your privacy matters. This Policy explains what we collect, how we use it, and the choices you have when you use our website and services (the “Site”). By using the Site, you agree to this Policy.
Controller: Certified-Pep is the controller of personal data collected through this Site.
This Policy covers visitors, account holders, and customers. It does not apply to third-party websites linked from our Site.
1) Information We Collect
Data you provide
- Account details (name, email, password).
- Order & checkout details (billing/shipping info, email/phone).
- Support messages, forms, reviews, or survey responses.
- Newsletter opt-ins and marketing preferences.
Data we collect automatically
- Device & browser info (IP address, user agent, language).
- Usage data (pages viewed, clicks, referring URLs, session duration).
- Approximate location derived from IP (city/region level).
- Cookies, local storage, and similar technologies (see Cookies).
Sensitive data
We do not request or store protected health information, government IDs, or full payment card numbers. Payments are processed securely by our payment partners.
2) How We Use Your Information
- Provide the Service: create/manage accounts, process orders, deliver products, and provide customer support.
- Improve & secure: monitor performance, fix bugs, prevent fraud/abuse, maintain the Site.
- Communicate: transactional emails (orders, shipping, account), and—if you opt in—newsletters and promotions. You can unsubscribe anytime.
- Compliance: tax/accounting, legal obligations, and enforcing our terms.
Legal bases (EU/UK): contract performance, legitimate interests (running/defending the business, security, improvement), consent (marketing, non-essential cookies), and legal obligation.
3) Cookies & Similar Technologies
What we use
- Essential: site operation, cart, checkout, login.
- Analytics: measure traffic and performance.
- Preferences: remember settings and choices.
- Marketing: only if enabled by you (e.g., email tracking pixels or ad tags).
Your control: manage or disable cookies in your browser. Where required, we will ask for consent for non-essential cookies. We honor GPC (Global Privacy Control) signals as an opt-out for sale/sharing where applicable.
4) Data Security
We use industry-standard protections including TLS/SSL encryption in transit, hardened hosting, access controls, and routine updates. No method of transmission or storage is 100% secure; if we become aware of a data incident affecting you, we will notify you and regulators as required by law.
5) When We Share Information
We do not sell your personal information. We share limited data with trusted service providers who help us operate the Site. They may only use it to perform services for us, and must protect it.
Common processors
- Payment processing: e.g., Stripe, PayPal (we don’t store full card numbers).
- Email & messaging: e.g., Brevo (transactional & opted-in marketing).
- Shipping & fulfillment: e.g., carriers and logistics platforms.
- Analytics & infrastructure: web hosting/CDN, error monitoring, site analytics.
We may also disclose information if required by law, to protect rights/safety, or in connection with a corporate transaction (e.g., merger or acquisition).
6) Data Retention
- Account & order records: kept as long as your account is active and as needed for tax/accounting, fraud prevention, and legal obligations (often 5–7 years for orders/invoices).
- Support messages: retained as needed to resolve issues and improve service.
- Marketing data: until you unsubscribe or request deletion, or after inactivity for a reasonable period.
When data is no longer required, we delete or de-identify it.
7) Your Rights & Choices
Global rights
- Access a copy of your personal data.
- Correct inaccurate or incomplete data.
- Delete your data, subject to legal obligations.
- Portability (receive your data in a portable format, where applicable).
- Withdraw consent (e.g., marketing).
- Object/Restrict certain processing based on our legitimate interests.
US State privacy (e.g., CA/CPRA, CO, CT, UT, VA)
- Right to know, access, correct, delete, and portability.
- Right to opt-out of targeted advertising, sale, or profiling. We do not sell personal information and do not share it for cross-context behavioral advertising.
- California: we honor browser-based opt-out signals (GPC). You will not receive discriminatory treatment for exercising your rights.
How to exercise your rights: email [email protected] with “Privacy Request” in the subject. We may need to verify your identity. Authorized agents may submit requests as permitted by law.
EU/UK users: you also have the right to lodge a complaint with your local supervisory authority.
8) International Transfers
We are US-based and may process data in the United States and other countries. When we transfer personal data from the EU/UK/EEA to countries without an adequacy decision, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) or equivalent mechanisms.
9) Children’s Privacy
Our Site is for adults (18+). We do not knowingly collect data from minors. If you believe a minor has provided information, contact us and we will delete it.
10) Changes to this Policy
We may update this Policy to reflect changes to our practices or applicable laws. Updates will be posted here with a new “Last updated” date. Material changes will be highlighted or communicated where required.
11) Contact
Questions or requests? Email us at [email protected].
