◆ 3rd-party tested◆ EU shipping 🇪🇺◆ Discreet delivery
‹ Legal

Privacy & GDPR

Last updated 2026-07-08

This notice explains how Monkey Peps Lda collects and processes personal data. We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable Portuguese data-protection law.

1. Controller

The data controller is Monkey Peps Lda, Rua Example 12, 1000-001 Lisboa. For any privacy request, contact privacy@monkeypeps.com.

2. Personal data we collect

Depending on how you use the site, we may process:

  • identity and contact details (name, email, shipping and billing address, phone);
  • business details for institutional buyers, including institution name and VAT number;
  • order, quote, and invoice records, including PO numbers and payment references (we do not collect or store card details);
  • research-use and age self-attestation records, including the declaration accepted, timestamp, and technical metadata such as IP address and user agent;
  • correspondence you send us; and
  • cookie and usage data, as described in our Cookie Policy.

3. Purposes and legal bases

We process personal data on the following bases (GDPR Article 6):

  • performance of a contract — to process orders, take payment, and provide documentation and support;
  • compliance with a legal obligation — to issue and retain VAT invoices and to maintain research-use attestation records;
  • our legitimate interests — to prevent fraud and misuse, secure the service, and improve our products (balanced against your rights); and
  • consent — for non-essential analytics or marketing cookies, which you may withdraw at any time.

4. Recipients and processors

We share personal data only as necessary with service providers acting on our instructions and with authorities where legally required:

  • our bank and payment institutions (to reconcile bank transfers);
  • shipping and logistics carriers (to fulfil delivery);
  • our transactional email provider and hosting/infrastructure providers;
  • professional advisers (e.g. accountants, auditors, lawyers); and
  • competent authorities where we are legally required to disclose.

5. International transfers

Where a processor is located outside the European Economic Area, we rely on an adequacy decision or appropriate safeguards (such as the European Commission’s Standard Contractual Clauses). We do not sell personal data.

6. Retention

We keep personal data only as long as necessary. Invoices, tax records, and research-use attestation records are retained for the periods required by tax and record-keeping law; account and marketing-consent data are kept until you ask us to delete them or you withdraw consent, subject to the same legal-retention exceptions.

7. Your rights

Subject to conditions in the GDPR, you have the right to:

  • access your personal data and receive a copy;
  • have inaccurate data corrected and, in certain cases, erased;
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw consent at any time (without affecting prior processing); and
  • lodge a complaint with the Portuguese supervisory authority (Comissão Nacional de Proteção de Dados, CNPD) or your local authority.

8. Automated decisions and security

We do not carry out solely automated decision-making that produces legal or similarly significant effects. We apply appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit, and least-privilege handling of documents.

9. Changes

We may update this notice; the version in force is the one published here, identified by its “last updated” date.

⚠ For laboratory & research use only. Not for human or animal consumption.