Skip to main content

Privacy Policy

How we handle your personal data under the General Data Protection Regulation (GDPR).

Last updated: May 2026.

1. Controller

The controller responsible for processing your personal data within the meaning of art. 4 (7) GDPR is:
PulseRecover, PLACEHOLDER.
Email: privacy@pulserecover.eu.

2. Categories of personal data we collect (art. 13 (1) GDPR)

  • Customer data: name, email, shipping and billing addresses, phone (optional).
  • Order data: products purchased, order history, invoice address.
  • Communication data: messages you send through contact forms or via email.
  • Technical data: IP address, user-agent string, pages visited, referrer, device class.
  • Marketing data: only with your explicit opt-in (newsletter, abandoned cart).

3. Purposes and legal basis (art. 6 GDPR)

  • Order fulfilment and customer service - art. 6 (1) (b) (performance of a contract).
  • Compliance with bookkeeping and tax retention - art. 6 (1) (c) (legal obligation), up to 7 years.
  • Marketing emails to existing customers about similar products - art. 6 (1) (f) (legitimate interest), opt-out anytime.
  • Newsletter and onboarding to non-customers - art. 6 (1) (a) (consent), double-opt-in.
  • Fraud prevention - art. 6 (1) (f) (legitimate interest).

4. Recipients and processors (art. 28 GDPR)

We rely on the following data processors. Each is bound by a data-processing agreement (DPA):

  • Hosting & infrastructure: the website is hosted on EU-based servers.
  • Shipping: the carrier you select (DHL, GLS, DPD or similar). They receive name, address and phone only to deliver your order.
  • Email (transactional and newsletter): Resend (resend.com), used only to send order and newsletter emails you have requested.

We do not use third-party analytics or advertising/tracking services.

We do not sell personal data. No transfer to third countries outside the EEA without an appropriate safeguard under art. 46 GDPR.

5. Cookies

We only use strictly-necessary local storage to keep your cart and checkout working. We do not use statistics, advertising or tracking cookies. See our cookie notice for the full list.

6. Your rights (art. 15-21 GDPR)

  • Right of access (art. 15) - get a copy of your data.
  • Right to rectification (art. 16) - correct inaccurate data.
  • Right to erasure (art. 17) - "right to be forgotten".
  • Right to restriction (art. 18).
  • Right to data portability (art. 20) - receive your data in a machine-readable format.
  • Right to object (art. 21) - especially to direct-marketing processing.
  • Right to withdraw consent at any time without affecting prior processing.

To exercise these rights, email privacy@pulserecover.eu. You also have the right to lodge a complaint with the competent Data Protection Authority or the supervisory authority of your habitual residence.

7. Retention

Customer data is kept while needed for order fulfilment and support. Order data is kept for 7 years to comply with fiscal record-keeping. Marketing consent records are kept for 3 years after the last interaction.

8. Security

TLS 1.3 in transit, AES-256 at rest, scoped access for staff, principle of least privilege, continuous backup. Orders are processed and confirmed manually by our team.

9. Children

Our services are not directed at children under 16. We do not knowingly collect data from children.

10. Changes

We may update this policy. The date above reflects the most recent revision. Material changes will be announced by email or a prominent notice on the site.

11. Contact

For any privacy-related question, write to privacy@pulserecover.eu or by post to PulseRecover, PLACEHOLDER.