Privacy Policy

1. INTRODUCTION & DATA CONTROLLER

Astrea Lab ("we", "our", or "us") respects your privacy and is strictly committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). This Privacy Policy explains how we collect, use, and safeguard your information when you visit astrealab.nl or purchase our research reagents. The Data Controller responsible for your personal data is Astrea Lab, operating under the jurisdiction of the Netherlands.

2. THE DATA WE COLLECT

To provide our B2B research supply services, we collect the following types of data:

• Identity & Contact Data: First name, last name, email address, delivery address, and billing address.
• Professional Data: Laboratory affiliation, institution name, or company details (if provided during registration or checkout).
• Financial Data: Payment processing information. Note: We do not store raw credit card numbers; all transactions are processed via secure, encrypted, compliant third-party gateways.
• Technical & Usage Data: IP address, browser type, time zone setting, and data regarding your interaction with our website and email campaigns (e.g., via Resend).

3. HOW WE USE YOUR DATA (LEGAL BASIS FOR PROCESSING)

We will only use your personal data when the law allows us to. Most commonly, we process your data under the following legal bases:

• Contractual Necessity: To process and deliver your order, manage payments, and provide customer support regarding your shipment.
• Consent: To send you updates regarding batch releases, Janoshik analytical reports, and waitlist notifications. You may withdraw this consent at any time by clicking "unsubscribe" in our emails.
• Legitimate Interest: To improve our website, monitor technical performance, and prevent fraud.
• Legal Obligation: To comply with Dutch and EU tax, accounting, and chemical distribution regulations.

4. DATA SHARING AND THIRD PARTIES

We do not and will never sell your personal data. We only share data with essential third-party service providers required to operate our business, including:

• Logistics and courier partners: For cold-chain delivery.
• Secure payment gateways: For transaction processing.
• Email service providers: e.g., Resend, used for transactional and waitlist communications. All third parties are vetted for GDPR compliance and are prohibited from using your data for any other purpose.

5. DATA RETENTION

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for. By law, we are required to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for tax and accounting purposes for a minimum of seven years.

6. YOUR GDPR RIGHTS

Under the GDPR, you have the right to:

• Access: Request access to your personal data.
• Rectification: Request correction of incomplete or inaccurate data.
• Erasure: Request erasure of your personal data ("Right to be forgotten"), subject to our legal retention obligations.
• Objection: Object to processing of your personal data.
• Restriction: Request the restriction of processing.
• Portability: Request the transfer of your personal data to another party.

To exercise any of these rights, please contact us at [email protected].

7. DATA SECURITY

We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed (including SSL encryption and secure server hosting).

8. COOKIES

Our website uses essential cookies to function properly (e.g., maintaining your session or waitlist status) and analytical cookies to understand website traffic. You can set your browser to refuse all or some browser cookies, but this may affect website functionality.