Privacy & Cookie Policy

Last updated: 3 May 2026

This Privacy and Cookie Policy explains how Peaksta B.V. ("Peaksta", "we", "us", or "our") collects, uses, shares, and protects your personal information when you visit peaksta.com, place an order, sign up for our marketing communications, contact our support team, or otherwise interact with our products and services.

This document combines our Privacy Policy and Cookie Policy. If you are looking specifically for information about cookies and tracking technologies, please see Section 6.

By using our website or placing an order with us, you agree to the practices described in this policy. If you do not agree, please do not use our website or services.

1. Who We Are

Peaksta B.V. is a private limited liability company incorporated under the laws of the Netherlands. We are the data controller responsible for the personal information described in this policy.

You can reach us at hello@peaksta.com for any questions about this policy or to exercise your privacy rights.

2. Quick Summary

For those who want the short version:

  • We collect the information needed to fulfil your orders, run our website, send you marketing if you've opted in, and improve our products.
  • We use trusted third-party service providers to help us operate, including platforms for hosting, payments, marketing, analytics, and shipping.
  • We never sell your personal information.
  • You have the right to access, correct, delete, or limit our use of your data.
  • To exercise any of these rights, email hello@peaksta.com or visit our GDPR portal at peaksta.com/pages/gdpr.

The full details follow below.

3. Information We Collect

3.1 Information You Provide Directly

When you interact with our services, we collect information you give us directly, including:

  • Contact details: name, email address, phone number, shipping address, billing address
  • Order information: items purchased, order value, payment confirmation, delivery preferences
  • Account information (if you create an account): username, password (stored encrypted), order history, saved preferences
  • Customer support communications: the content of messages you send us, including emails, contact form submissions, and social media interactions
  • Reviews and user-generated content: product reviews, photos, testimonials, and any content you submit on third-party platforms
  • Marketing preferences: subscription status for email and SMS communications, interests, and product preferences
  • Survey responses: feedback you provide through post-purchase surveys, polls, or research requests

3.2 Information Collected Automatically

When you visit our website, certain information is collected automatically through cookies, pixels, and similar technologies, including:

  • Device and browser information: device type, operating system, browser type and version, screen resolution, language settings
  • Network information: IP address, approximate geographic location (country, region, city), internet service provider
  • Usage data: pages visited, time spent on pages, scroll depth, clicks, referring website, search terms, products viewed, items added to cart, checkout behaviour
  • Identifiers: cookie IDs, device IDs, advertising IDs

For full details on which cookies and tracking technologies we use and how to manage them, see Section 6.

3.3 Information from Third Parties

We may also receive information about you from:

  • Payment processors: payment confirmation, fraud screening results
  • Shipping carriers: delivery status, tracking events, signature confirmations
  • Marketing and advertising platforms: conversion data, audience attributes, engagement metrics
  • Review platforms: reviews and ratings you publish
  • Marketplaces: if you purchase from us via a third-party marketplace, the marketplace shares limited fulfilment information with us

3.4 Sensitive Personal Information

We do not knowingly collect or process sensitive personal information such as government-issued ID numbers, racial or ethnic origin, religious beliefs, health information, biometric data, or precise geolocation data, except where strictly necessary (for example, IP address for fraud prevention).

4. How We Use Your Information

4.1 To Provide Our Services and Fulfil Your Orders

  • Process and fulfil orders, including payment, shipping, and returns
  • Communicate with you about your order (confirmations, shipping updates, delivery, returns)
  • Manage your account, if you have one
  • Provide customer support
  • Verify your identity and prevent fraud

Legal basis (where GDPR or UK GDPR applies): performance of a contract with you.

4.2 To Run, Improve, and Secure Our Website

  • Analyse how visitors use our website
  • Diagnose technical issues, improve performance, and prevent abuse
  • Test new features and product improvements
  • Detect and prevent fraudulent activity, security incidents, and policy violations

Legal basis (GDPR/UK GDPR): legitimate interests (running a secure, functional website).

4.3 To Market and Advertise Our Products

  • Send you marketing emails about new products, promotions, and content (where you have opted in or where permitted by law)
  • Send you SMS or text marketing communications (where you have opted in)
  • Show you advertisements on third-party social media and search platforms based on your interactions with us
  • Build audiences for advertising, including lookalike audiences derived from existing customers
  • Measure the effectiveness of our marketing campaigns

Legal basis (GDPR/UK GDPR): consent for marketing emails and SMS; legitimate interests for analytics, retargeting, and conversion measurement.

You can opt out of marketing communications at any time. See Section 9.

4.4 To Comply With Legal Obligations

  • Comply with tax, accounting, and consumer protection laws
  • Respond to lawful requests from public authorities
  • Establish, exercise, or defend legal claims
  • Protect our intellectual property and other rights

Legal basis (GDPR/UK GDPR): legal obligation; legitimate interests (defending legal claims).

5. Who We Share Your Information With

We do not sell your personal information. We share it only with the following categories of recipients, who process it on our behalf or for their own legitimate purposes as described:

  • E-commerce and hosting platform providers: provide our website infrastructure, order management, and checkout functionality
  • Payment processors: process payments, handle refunds, and screen for fraud
  • Email and SMS marketing platforms: deliver our marketing and transactional communications and manage subscriber preferences
  • Advertising platforms: deliver targeted advertising, build audiences, and measure campaign effectiveness across social media and search platforms
  • Web analytics providers: help us understand website performance, traffic patterns, and user behaviour
  • Cookie consent and compliance providers: manage your cookie preferences and process data subject requests on our behalf
  • Fulfilment and warehouse partners: receive, pack, and dispatch your orders
  • Shipping carriers and postal services: deliver your orders and provide tracking information
  • Review and feedback platforms: collect and display customer reviews and feedback
  • Customer support tools: help us manage and respond to customer enquiries
  • Internal collaboration and productivity tools: used by our team to operate the business
  • Professional advisors: legal, accounting, tax, and compliance advisors who assist us in running our business

We require all service providers to handle your data in accordance with applicable law and only for the purposes we specify.

While we describe our service providers in categories above, we maintain detailed internal records of the specific organisations we share data with. If you would like more specific information about who has received your personal data, you can request this by contacting hello@peaksta.com as part of a data subject access request.

5.1 Business Partners

We may share aggregated or de-identified data with business partners, advertisers, and analytics providers. This data does not directly identify you.

5.2 Legal and Safety Disclosures

We may disclose your information when we believe in good faith that disclosure is necessary to:

  • Comply with a legal obligation, court order, or lawful request from public authorities
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of Peaksta B.V., our customers, or others
  • Investigate or prevent fraud, security incidents, or illegal activity

5.3 Business Transfers

If Peaksta B.V. is involved in a merger, acquisition, financing, or sale of all or part of its business, your personal information may be transferred to the new entity as part of that transaction. We will notify you and provide choices where required by law.

6. Cookies and Tracking Technologies

This section explains what cookies and similar technologies are, how we use them on peaksta.com, and how you can manage your preferences.

6.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They make websites work efficiently, remember preferences, and provide information to website operators.

In this section, "cookies" also covers similar technologies including pixels, web beacons, local storage, software development kits (SDKs), and device identifiers.

6.2 Why We Use Cookies

We use cookies to:

  • Operate our website: enable core functions like the shopping cart, checkout, and login
  • Remember your preferences: language, currency, recently viewed products, and similar settings
  • Understand how visitors use our site: which pages are popular, where visitors come from, and how to improve performance
  • Deliver and measure advertising: show you relevant ads on our website and on other websites you visit, and measure how well our marketing campaigns perform
  • Detect fraud and protect security: identify unusual activity and prevent abuse

6.3 Categories of Cookies We Use

Strictly Necessary Cookies (always active)

Essential for the website to function. Without them you cannot add items to your cart, complete a purchase, or log in. These cookies do not require your consent and cannot be disabled.

Examples: shopping cart maintenance, secure session management, login persistence, language and currency selection, fraud prevention.

Performance and Analytics Cookies (consent-based)

Help us understand how visitors interact with our site by collecting anonymous or aggregated information. We use this data to improve site performance, fix bugs, and design better user experiences.

Functional Cookies (consent-based)

Enable enhanced functionality and personalisation, such as remembering your country and currency, showing recently viewed products, personalising recommendations, and storing wishlist items between visits.

Marketing and Advertising Cookies (consent-based)

Used to track visitors across websites to deliver relevant advertising, measure campaign effectiveness, and limit how often you see the same ad. These are set by us and by trusted advertising and social media partners.

6.4 First-Party vs. Third-Party Cookies

  • First-party cookies are set by Peaksta directly. We use them for essential site functions, your preferences, and our own analytics.
  • Third-party cookies are set by other companies whose services are integrated into our website (analytics, advertising, payments, reviews). These are governed by the privacy policies of those third parties, in addition to this policy.

6.5 Managing Your Cookie Preferences

Through our cookie consent banner

When you first visit peaksta.com, our cookie consent banner gives you the option to accept all cookies, reject non-essential cookies, or customise your preferences by category. You can revisit your cookie preferences at any time through the cookie settings option on our website.

Your choices are stored as a consent record and respected on subsequent visits, unless you clear your cookies or use a different device or browser.

Through your browser settings

Most browsers allow you to view, delete, or block cookies, and to be notified when a cookie is being set:

  • Chrome: Settings → Privacy and Security → Cookies and other site data
  • Safari: Preferences → Privacy
  • Firefox: Settings → Privacy & Security
  • Edge: Settings → Cookies and site permissions
  • Mobile browsers: usually under Settings → Privacy

Disabling all cookies will prevent core functions of our website from working.

Through industry opt-out tools

For interest-based advertising, you can opt out across multiple advertisers at once:

  • United States: youradchoices.com
  • European Union and United Kingdom: youronlinechoices.eu
  • Cross-platform: aboutads.info
  • Mobile devices: enable "Limit Ad Tracking" (iOS) or "Opt out of Ads Personalization" (Android)

Through platform settings

Major advertising platforms also provide preference centres where you can manage how your data is used for advertising, accessible through your account settings on those platforms.

6.6 Do Not Track and Global Privacy Control

There is currently no industry standard for how websites should respond to "Do Not Track" (DNT) browser signals, so we do not change our practices specifically in response to them. We rely on the cookie consent mechanisms above to respect your privacy preferences.

For California residents, our Global Privacy Control (GPC) support is configured through our cookie consent platform where applicable.

6.7 How Long Cookies Last

  • Session cookies expire when you close your browser
  • Persistent cookies remain on your device for a set period (from a few minutes up to 24 months) or until you delete them

Specific durations vary by cookie. You can view individual cookie details and durations through our cookie consent banner.

7. Marketing Communications

7.1 Email Marketing

We send marketing emails only to people who have opted in by subscribing to our newsletter, signing up at checkout, or entering a giveaway or promotion. You can unsubscribe at any time using the link at the bottom of every marketing email, or by contacting hello@peaksta.com.

7.2 SMS and Text Marketing

If you opt in to SMS marketing, we may send you promotional text messages about products, offers, and content. Message and data rates may apply. Frequency varies but typically does not exceed several messages per month. To unsubscribe, reply STOP to any message, or contact hello@peaksta.com.

For US recipients, our SMS programme complies with the Telephone Consumer Protection Act (TCPA), the CTIA Messaging Principles and Best Practices, and applicable state laws.

7.3 Push Notifications and In-App Messages

If we offer push notifications or in-app messaging, you can opt in or out at any time through your device or browser settings.

7.4 Advertising

We use third-party social media and search platforms to advertise to you based on your interactions with our website, our content, and audiences we create. You can manage advertising preferences through industry opt-out tools and platform settings, as described in Section 6.5.

8. International Data Transfers

Peaksta B.V. is based in the Netherlands. Some of our service providers and partners are based in countries outside the European Economic Area (EEA), including the United States, the United Kingdom, Singapore, and other regions where we conduct business.

When we transfer personal information outside the EEA, the United Kingdom, or other regions with their own data protection laws, we use one or more of the following safeguards:

  • EU Standard Contractual Clauses (SCCs) with our service providers
  • UK International Data Transfer Agreement (IDTA) for transfers from the United Kingdom
  • Adequacy decisions issued by the European Commission for countries deemed to provide adequate data protection
  • Other valid transfer mechanisms as recognised by applicable law

For customers in Singapore, Malaysia, the Philippines, Australia, and New Zealand, transfers are made in compliance with the cross-border data transfer requirements of your country's data protection law.

9. Your Rights and Choices

Your rights depend on where you live. The following rights may be available to you:

9.1 Rights Available Across Most Jurisdictions

  • Right to access: request a copy of the personal information we hold about you
  • Right to correct: ask us to correct or update inaccurate or incomplete information
  • Right to delete: ask us to delete your personal information (subject to certain exceptions)
  • Right to withdraw consent: where we rely on consent, you can withdraw it at any time
  • Right to opt out of marketing: stop receiving marketing emails, SMS, or other communications

9.2 Additional Rights for EU and UK Residents (GDPR / UK GDPR)

  • Right to object to certain types of processing
  • Right to restrict processing in certain circumstances
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right not to be subject to fully automated decision-making that produces legal or similarly significant effects
  • Right to lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

9.3 Additional Rights for California Residents (CCPA / CPRA)

  • Right to know what personal information we have collected, used, disclosed, or sold
  • Right to delete personal information we have collected from you
  • Right to correct inaccurate personal information
  • Right to opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising. We do not sell personal information for monetary value, but our use of advertising cookies and pixels may qualify as "sharing" under California law. To opt out, contact hello@peaksta.com or use the cookie consent banner on our website.
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising your privacy rights

We do not knowingly sell or share the personal information of consumers under 16 years of age.

9.4 Rights for Other US State Residents

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or other US states with comprehensive privacy laws, you may have rights similar to those listed above. Please contact hello@peaksta.com to exercise them.

9.5 Rights for Singapore, Malaysia, Philippines, Australia, and New Zealand Residents

Your rights under your local data protection law generally include access, correction, withdrawal of consent, and the right to lodge a complaint with your national data protection authority. Contact hello@peaksta.com for assistance.

10. How to Exercise Your Rights

You can exercise most of your privacy rights through our GDPR portal at peaksta.com/pages/gdpr, where you can submit requests to access, correct, port, or delete your data.

You can also email hello@peaksta.com with your request. Please:

  1. Tell us which right you want to exercise
  2. Provide enough information for us to identify your account or order (full name, email used at checkout, recent order number)
  3. Allow us to verify your identity before processing the request, particularly for access or deletion requests

We will respond within the timeframe required by applicable law (typically 30 days, with possible extensions for complex requests).

You may also designate an authorised agent to make a request on your behalf. We will require proof of authorisation.

We do not charge a fee for exercising your rights, except where requests are excessive or manifestly unfounded.

11. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

Data Type Retention Period
Order and transaction records 7 years (for tax, accounting, and consumer protection compliance under Dutch law)
Account information Until you delete your account, plus a reasonable archival period
Customer support communications 3 years from last interaction
Marketing engagement data (email opens, clicks, SMS engagement) 2 years from last engagement
Newsletter subscriptions Until you unsubscribe, then deleted within 90 days
Website analytics data Up to 26 months
Cookies and tracking identifiers Varies by cookie (session to 24 months)
Backup data Up to 90 days after deletion from primary systems

When personal information is no longer needed, we securely delete or anonymise it.

12. Security

We take reasonable technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit (TLS) and at rest where applicable
  • Access controls and authentication requirements for staff
  • Regular security reviews of our systems and service providers
  • Use of trusted, certified service providers (PCI DSS compliant payment processors, SOC 2 audited platforms)

No system is 100% secure, and we cannot guarantee absolute security of information transmitted over the internet. If you believe your account or data has been compromised, please contact us immediately at hello@peaksta.com.

13. Children's Privacy

Our website and services are not directed to children. We do not knowingly collect personal information from:

  • Children under 13 years old in the United States and other jurisdictions where this is the relevant age threshold under applicable law (such as COPPA)
  • Children under 16 years old in the European Union, United Kingdom, and other GDPR-style jurisdictions

If you are a parent or guardian and believe we have collected personal information from your child, please contact hello@peaksta.com and we will promptly delete the data.

14. Third-Party Websites and Links

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of those sites. When you leave our website, we encourage you to read the privacy policy of any other site you visit.

Information you share on third-party platforms (social media, marketplaces, review sites) is governed by the privacy policies of those platforms.

15. Automated Decision-Making

We do not use solely automated decision-making (without human involvement) that produces legal or similarly significant effects on you. Some processing activities, such as fraud screening, may involve automated checks, but final decisions on order acceptance, cancellation, or refusal involve human review.

16. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, the services we offer, or applicable law. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Post the revised policy on our website
  • Notify you by email or other reasonable means if the changes significantly affect how we use your data

We encourage you to review this policy periodically.

17. Contact Us

If you have any questions, concerns, or requests regarding this policy or our data practices, please contact us:

Peaksta B.V.
Email: hello@peaksta.com
GDPR Portal: peaksta.com/pages/gdpr

We aim to respond to privacy-related enquiries within 24 hours on business days, and to formal data subject requests within the period required by applicable law.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens at autoriteitpersoonsgegevens.nl.