Applicable as of 21 September 2022
Please read the following carefully to understand our practices regarding your personal data and how we will collect, use and disclose your personal data. If you have any questions about how we process your personal data specifically or if you wish to submit an application for exercising your rights related to processing your personal data, please contact us through the contact information provided in the section "Contacts" below.
What is personal information?
Personal information is typically data that identifies an individual or relates to an identifiable individual. This includes information you provide to us, information that is collected about you automatically, and information we obtain from third parties. For example, email address, name, order information, and user behavior are all personal data relating to an individual to the extent such information can be related to the relevant individual.
Our principles when collecting personal information
We at Noname respect and protect the privacy of our customers and commit to following these principles:
- We use personal information lawfully, fairly, correctly, and in a transparent manner.
- We collect no more personal information than necessary, and only for a legitimate purpose.
- We retain no more data than necessary or for a longer period than needed.
- We protect personal information with appropriate security measures.
What personal information do we collect?
The personal information we process depends on the context of your interactions with us. We may collect personal information when you create an account on our websites, visit our websites, or complete a purchase. The personal information we collect broadly falls into the following categories:
- general personal information: first name, last name,
- contact data: mailing address, email address;
- account related details: login details; password;
- usage information: information on how our websites are used, including feedback provided;
- technical information: technical information collected from website visitors using cookies;
- correspondence between you and us, g. information that you provide when contacting customer service.
Any information you provide to us that is not required is voluntary.
What is the purpose and legal basis for processing your data
We process your personal data based on the applicable legal requirements, based on our legitimate interests or your consent. Our primary purpose in collecting personal information is to provide you with a secure, smooth and efficient customer service. We generally use personal information to process your order, manage your account and to communicate with you regarding your order.
We may use your personal information which we collect for the purposes and on the legal bases identified below:
To enable you access to your account and fulfil your order: creating the customer account, fulfilling and delivering your orders.
For the performance of a contract with you or to take steps at your request prior to entering into a contract [GDPR Article 6-1(b)]
For the performance of a contract with you or to take steps at your request prior to entering into a contract under [GDPR Article 6-1(b)]
To retain accounting-related and order information:
to help us comply with legal and accounting requirements
For compliance with a legal obligation [GDPR Article 6-1(c)]
To engage in direct marketing and sales related activities: based on your communication preferences, we may send you marketing communications (e.g. emails) to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers.
Your consent [GDPR Article 6-1-(a)]
Automatically collected technical data
Who has access to your personal data
Your personal data is available and accessible only by those who need the data to accomplish the intended processing purpose. To the extent necessary, your personal data may be shared between the companies within the Nomade Group, with suppliers and sub-contractors (processors and sub-processors) carrying out certain tasks on our behalf and with independent third-parties.
The personal data that we collected from you is generally stored within a country of the European Union or the European Economic Area (“EU/EEA”) but may also, whenever necessary, be transferred to and processed in a country outside of the EU/EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws and without undermining your statutory rights.
From time to time we may transfer personal data from the EU/EEA to a third country not being approved by the European commission as a safe country for such transfer (adequacy decision). Whenever applicable we will use Standard Contractual Clauses to ensure a similar level of protection as granted within the EU/EEA or other lawful grounds for transfer.
We will never sell or rent your personal information to third parties. We will only share your information in the following circumstances:
- IT service providers and servers providing IT solutions and other related services necessary for our daily website function.
- Service providers under contract who help with parts of our business operations for example, but not limited to, order management, postal service, cloud storage, and email marketing.
- Professional advisors who provide banking, legal, insurance, accounting, or other consulting services in order to provide us advice or complete third-party financial, technical, compliance, and legal audits of our operations or otherwise comply with our legal obligations.
- With companies or other entities that we plan to demerge or merge with or be acquired by. You will receive prior notice of any change in applicable policies.
- Public institution(s). Any competent law enforcement body, regulatory body, government agency, court or other third parties where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person.
How we protect and store your personal information
We take appropriate and reasonable technical and organizational measures designed to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information.
These measures include but are not limited to the implementation of appropriate computer security systems and safeguards such as firewalls, enforcement of physical access controls to our buildings and files, and authorising access to personal information only for those employees who require it to fulfill their job responsibilities.
If you have any questions about the security of your personal information, you may contact us at the contact details below.
Your data protection rights
To the extent required by applicable data protection regulations, you have all the rights of a data subject as regards your personal data. Such rights include the following:
Access. You have the right to know which of your personal information we process.
Rectification. You may ask us to (and you are also obliged to) rectify any error in your personal data.
Erasure (the right to be forgotten). You may ask us to erase your personal information, which we will respect and comply with.
Restriction. You may ask us to restrict the processing of your personal information.
Object. You may object to the processing of your personal information.
Data portability. You may ask us to provide you or others with your personal information in a structured, commonly used and machine-readable format.
Lodge a complaint to the data protection authority. You may lodge a complaint with your applicable data protection authority regarding our collection and use of your personal information. Contact details for data protection authorities within the EU and EEA are available here.
Right to withdraw your consent. If personal information is collected or processed on the basis of consent, or if you have, for example, consent to receiving marketing emails from us, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Please note that the above rights may be subject to exceptions and limitations. We cannot, for example, provide personal data if it would violate our duty of confidentiality or if we have a legal obligation to retain such data.
How to exercise your rights. You may correct and/or delete personal data linked to your account yourself, in the user settings on your account page. If you wish to exercise any of the other privacy rights that apply to you, you can do this by reaching out to us at firstname.lastname@example.org
If we receive an email from you, we may ask you to verify your identity to comply with applicable law and help us respond efficiently to your request.
How long is your data stored
We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes.
- Personal information obtained for the purposes of fulfilling your order is kept no more than necessary for us to perform our contractual obligations and protect us from any claims, generally no more than 3 years.
- Accounting-related information shall be retained as required under applicable legislation and industry standards. Generally at least for 7 years since the date of the end of our business relationship.
- Contact information such as your email address for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
- Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to two years from expiry of the cookie.
How to contact us
If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, you may contact us email@example.com, or by postal mail to: