Last Updated: January 1, 2025

At NeoCart, we are committed to ensuring the highest level of data protection and privacy for our users, customers, vendors, and partners. As part of our dedication to compliance, we adhere to the General Data Protection Regulation (GDPR) (EU) 2016/679, ensuring that personal data is collected, processed, stored, and shared in a lawful, fair, and transparent manner.

 

1. Our Commitment to GDPR Compliance

NeoCart implements rigorous data protection measures to align with GDPR principles, including:

  • Lawful Processing: We collect and process personal data only when we have a lawful basis, such as user consent, contractual necessity, or legitimate business interest.
  • Transparency & Control: We provide clear and detailed information about how user data is handled and empower users to control their personal data.
  • Data Security: We employ industry-standard encryption, access controls, and security protocols to protect personal data from unauthorized access or breaches.
  • Minimization & Retention: We collect only the necessary data required for our services and retain it only as long as legally or operationally required.
  • User Rights Enablement: We facilitate users’ rights under GDPR, including data access, rectification, portability, restriction, and deletion.

 

2. Types of Data We Process

We collect and process different types of personal data depending on user roles within NeoCart:

  • Customers (Buyers): Name, email, contact details, payment preferences, order history.
  • Vendors (Sellers): Business name, legal documentation, tax ID, banking details, product listings, order transactions.
  • Marketplace Owners/Admins: Account information, platform preferences, operational settings.
  • NeoCart Platform Visitors: IP address, device information, browsing patterns (via analytics and cookies).

All data processing is conducted in accordance with GDPR’s principles of purpose limitation, data accuracy, and security.

 

3. Legal Basis for Processing Personal Data

NeoCart processes personal data based on the following lawful grounds:

  • User Consent: When users opt in to marketing communications or accept cookies.
  • Contractual Obligation: Processing required for fulfilling marketplace transactions and platform functionalities.
  • Legitimate Interest: Improving platform security, fraud prevention, and operational efficiency.
  • Legal Compliance: Adhering to tax regulations, AML (Anti-Money Laundering) requirements, and other legal obligations.

 

4. User Rights Under GDPR

NeoCart users based in the European Economic Area (EEA) have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request corrections to inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten): Request deletion of your data, subject to legal retention obligations.
  • Right to Restriction of Processing: Request to limit how your data is used in certain scenarios.
  • Right to Data Portability: Request a structured, machine-readable copy of your data for transfer to another service.
  • Right to Object: Object to data processing based on legitimate interest or for direct marketing.
  • Right to Withdraw Consent: Withdraw previously given consent at any time without affecting prior lawful processing.

Users can exercise their rights by contacting [email protected].

 

5. Data Transfers & International Compliance

NeoCart operates globally and ensures that international data transfers comply with GDPR regulations. Where applicable, we use:

  • Standard Contractual Clauses (SCCs): For data transfers outside the EEA.
  • Adequacy Decisions: For transfers to countries recognized by the EU as having adequate data protection laws.
  • Secure Encryption & Safeguards: Ensuring compliance with regional data laws beyond the EU, such as the UK GDPR.

 

6. Data Protection Measures

We have implemented comprehensive security controls to safeguard personal data, including:

  • End-to-End Encryption: Protecting sensitive user data in transit and at rest.
  • Access Control & Authentication: Ensuring only authorized personnel access user data.
  • Regular Security Audits & Risk Assessments: Identifying and mitigating potential vulnerabilities.
  • Incident Response Plan: A structured approach to handling data breaches and notifying affected users as required under GDPR.

 

7. Data Retention & Deletion

We retain personal data only for as long as necessary to fulfill contractual and legal obligations. Once data is no longer required, we securely delete or anonymize it.

  • Transaction Data: Retained for legal, accounting, and fraud prevention purposes.
  • User Accounts: Data is deleted upon user request or account closure, subject to retention policies.
  • Cookies & Analytics Data: Users can manage and delete cookies via browser settings.

 

8. Third-Party Processors & Integrations

We work with carefully selected third-party service providers to enhance our platform, including:

  • Payment Processors: Stripe, PayPal, and others for secure transactions.
  • Hosting & Cloud Providers: Ensuring reliable infrastructure with GDPR-compliant partners.
  • Customer Support & Analytics Services: Assisting in improving user experience.

Each third party adheres to contractual data protection agreements aligned with GDPR standards.

 

9. Contact & Data Protection Officer (DPO)

For any GDPR-related inquiries or to exercise your data rights, contact our compliance team:

NeoCart Compliance Team
[email protected]

By using NeoCart, you acknowledge and agree to our GDPR compliance measures, ensuring your data is handled with care and in accordance with European data protection laws.