Last Updated: 1 January 2025
At NeoCart, we are committed to protecting the privacy of our users, clients, vendors, and partners to the highest standards. As part of that commitment, we ensure full compliance with the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, to guarantee that personal data is collected, processed, stored, and shared lawfully, fairly, and transparently.
1. Our Commitment to GDPR Compliance
NeoCart follows strict data protection practices in accordance with GDPR principles, including:
Lawful Processing: We only collect and process personal data when there is a clear legal basis such as user consent, contractual necessity, or legitimate interest.
Transparency and Control: We provide users with clear information on how their data is used and allow full control over their personal information.
Data Security: We use modern security measures such as encryption, access control, and protective protocols to prevent unauthorised access.
Data Minimisation and Retention: We collect only what is necessary and retain data for the legally or operationally required duration.
User Rights Enablement: Users are empowered to exercise their GDPR rights, including data access, correction, transfer, restriction, and deletion.
2. Types of Data We Process
We collect and process personal data based on the user’s role within the NeoCart platform:
Buyers: Name, email, contact details, payment preferences, and order history.
Vendors: Business name, legal documents, tax ID, bank details, product and transaction information.
Marketplace Owners and Admins: Account data, platform preferences, and operational settings.
Visitors: IP address, device data, and browsing behaviour (via analytics and cookies).
All processing aligns with transparency, accuracy, and security principles.
3. Legal Bases for Data Processing
NeoCart processes personal data under the following legal bases:
User Consent: For newsletters, marketing, and cookie acceptance.
Contractual Necessity: To execute transactions and deliver platform features.
Legitimate Interest: To enhance platform security, prevent fraud, and improve operations.
Legal Compliance: For tax regulations, anti-money laundering (AML), and other legal requirements.
4. Your Rights Under GDPR
Users in the European Economic Area (EEA) have the right to:
Access: Request a copy of their personal data stored with us.
Correction: Request edits to inaccurate or incomplete data.
Erasure (Right to Be Forgotten): Request data deletion, subject to legal retention obligations.
Restriction: Request limits on data usage in certain scenarios.
Data Portability: Receive their personal data in a machine-readable format.
Objection: Object to data use for legitimate interest or direct marketing.
Withdraw Consent: Revoke consent at any time without affecting prior processing.
To exercise these rights, contact us at: [email protected]
5. International Data Transfers
NeoCart operates globally and ensures that all international data transfers are compliant with GDPR. Where applicable, we use:
Standard Contractual Clauses (SCCs): To safeguard data transfers outside the EEA.
Adequacy Decisions: For countries recognised by the European Commission as offering adequate data protection.
Encryption and Security Measures: To comply with GDPR and related local regulations such as UK GDPR.
6. Data Protection Measures
Our strict data protection practices include:
End-to-End Encryption: Secures data during transfer and storage.
Access Controls and Authentication: Restricts data access to authorised personnel only.
Regular Security Audits: To detect and address vulnerabilities.
Incident Response Plan: To manage breaches and notify users as required.
7. Data Retention and Deletion Policy
We retain personal data only as long as necessary to fulfil legal and operational requirements:
Transaction Data: Retained for compliance, accounting, and fraud prevention.
User Accounts: Deleted upon request or account closure, subject to retention policies.
Cookies & Analytics: Controlled by the user via browser settings.
8. Third-Party Processors and Integrations
We work with third-party providers to enhance NeoCart’s functionality, including:
Payment Gateways: Such as Stripe and PayPal for secure transactions.
Hosting and Cloud Services: For reliable GDPR-compliant infrastructure.
Customer Support and Analytics Tools: To improve user experience.
All partners operate under data processing agreements that meet GDPR requirements.
9. Contacting Our Compliance Team
For any questions regarding GDPR or to exercise your rights, contact:
NeoCart Compliance Team
[email protected]
By using NeoCart, you acknowledge and agree to our GDPR compliance practices designed to safeguard your data under European data protection law.