Privacy Policy

We collect the following categories of personal data:

Account Information:

• Name and email address
• Username and password (encrypted)
• Profile information you choose to provide
• Two-factor authentication data (if enabled)

Transaction Information:

• Shipping and billing addresses
• Phone number (for delivery purposes)
• Purchase and sale history
• Payment information (processed by our payment providers)

Seller Information:

• Business or organization details
• Bank account or payout information
• Identity verification documents (where required by payment providers)
• Tax identification numbers (where applicable)

Technical Information:

• IP address and device identifiers
• Browser type and version
• Operating system
• Referring URLs and browsing behavior on our Service
• Cookies and similar technologies (see Section 7)

Communication Data:

• Support tickets and customer service communications
• Messages between buyers and sellers
• Feedback and reviews

We process your personal data based on the following legal grounds under the GDPR:

• Contract Performance: Processing necessary to provide our Service, process transactions, and fulfill our contractual obligations to you.
• Legal Obligations: Processing required to comply with applicable laws, such as tax regulations, anti-money laundering requirements, and responding to legal requests.
• Legitimate Interests: Processing for our legitimate business interests, including fraud prevention, security, service improvement, and direct marketing (where you have not opted out).
• Consent: Where required by law, we obtain your consent for specific processing activities, such as certain marketing communications or optional cookies.

We use your personal data for the following purposes:

• To create and manage your account
• To facilitate transactions between buyers and sellers
• To process payments and payouts through our payment providers
• To provide customer support and respond to inquiries
• To send transactional communications (order confirmations, shipping updates, etc.)
• To detect, prevent, and investigate fraud, security breaches, and other prohibited activities
• To verify seller identity and compliance with our policies
• To resolve disputes between users
• To improve and optimize our Service
• To send marketing communications (with your consent or where permitted by law)
• To comply with legal obligations and enforce our Terms of Service
• To conduct analytics and research to improve user experience

We may share your personal data with the following categories of recipients:

Other Users:

• When you make a purchase, your shipping address is shared with the seller to fulfill the order.
• Seller display names and ratings are visible to buyers.

Service Providers:

• Payment processors (e.g., Stripe, PayPal) to process payments and payouts
• Cloud hosting providers to store and process data
• Analytics providers to help us understand usage patterns
• Customer support tools to manage inquiries
• Email service providers to send transactional and marketing emails
• Identity verification services for seller onboarding

Legal and Regulatory:

• Law enforcement agencies, courts, or regulators when required by law
• To protect our rights, property, or safety, or that of our users or others
• In connection with legal proceedings or investigations

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission (e.g., EU-US Data Privacy Framework)
• Binding Corporate Rules where applicable

You may request more information about our international transfer safeguards by contacting us at support@cardpeer.com.

We retain your personal data for as long as necessary to:

• Provide our Service and maintain your account
• Comply with legal obligations (e.g., tax records are retained for 7 years)
• Resolve disputes and enforce our agreements
• Prevent fraud and maintain security

When you delete your account, we will delete or anonymize your personal data within a reasonable timeframe, unless we are required to retain it for legal purposes.

We use cookies and similar technologies for the following purposes:

Essential Cookies:

• Authentication and session management
• Security and fraud prevention
• Shopping cart functionality

Functional Cookies:

• Remembering your preferences (language, currency)
• Localization settings

Analytics Cookies:

• Understanding how users interact with our Service
• Measuring performance and identifying areas for improvement
• We use PostHog for product analytics

You can manage your cookie preferences through your browser settings. Please note that disabling essential cookies may affect the functionality of our Service.

Under the GDPR and applicable data protection laws, you have the following rights:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request correction of inaccurate or incomplete data.
• Right to Erasure: You can request deletion of your personal data in certain circumstances.
• Right to Restriction: You can request that we limit how we use your data.
• Right to Data Portability: You can request your data in a structured, machine-readable format.
• Right to Object: You can object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us at support@cardpeer.com. We will respond to your request within one month, as required by law.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or another supervisory authority in your country of residence.

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure password hashing
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Employee training on data protection

While we take reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We encourage you to use strong passwords and enable two-factor authentication on your account.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: support@cardpeer.com
• Address: Minefort.com B.V. (Cardpeer), Sloterweg 796, 1066 CN Amsterdam, the Netherlands
• Chamber of Commerce: 89383001

We aim to respond to all inquiries within a reasonable timeframe and in accordance with applicable data protection laws.