PRIVACY POLICY

Introduction

Nuud B.V., a private limited company under Dutch law, registered at Koningin Wilhelminaplein 1 Unit 4.07.12, 1062 HG Amsterdam, the Netherlands, and registered with the Dutch Chamber of Commerce with number 69328943 (NUUD), respects the privacy of all visitors to its Website(s) and is committed to maintaining the privacy of all visitors. We will use your personal data to make sure that your orders will be handled as well as possible and to ensure our website functions properly.

  • This statement informs you about the following:
  • What data we collect
  • What we need your data for
  • How we may share your data
  • Legal grounds for processing your data
  • Your data security
  • The length we maintain your data
  • Where your data is processed
  • Cookies and Do Not Track
  • Online Advertising
  • Your privacy rights
  • Objection and complaints
  • Changes to our privacy statement
  • Minors providing personal data
  • Contact us

1. What data we collect

  • Personal data are data that can be used to identify you as a person. We collect data in the following ways:
  • If you place an order on our Website(s), we collect your name, e-mail, billing and shipment address in order to complete and deliver your order. In addition, we also offer you the possibility to store (encrypted and inaccessible) credit card details.
  • To make your shopping experience as nice as possible we collect personal data about your orders and the use of our services. With this data we can personalize the Website(s) and recommend products you might be interested in. We may also use this data to find patterns that can be used to further optimize our marketing.
  • If you have placed items in your shopping cart while using an online account but have not checked out these items, we may send you an abandoned cart e-mail informing you that the items are still for sale. For this purpose, we collect data about which items are placed in your cart.
  • The data and feedback we collect about the use of our Website(s) help us to develop and improve the Website(s) and related services.
  • If you decide to write a review, you can do this under your own name or anonymously. We reserve the right to not publish or to remove reviews.
  • If you contact our customer service, we will collect your name and e-mail address (and any additional data you may provide us with) to be able to respond to your questions or comments or to provide better service.
  • We will inform you on new products, specials and other promotional activities by sending you our newsletter. If you no longer want to receive this newsletter, you can unsubscribe by use of the relevant opt-out button.
  • if you have given your prior explicit consent in accordance with Article 11.7 of the Dutch Telecommunications Act (Telecommunicatiewet), we may also send you marketing communications via SMS to your mobile telephone number. We will collect your mobile telephone number for this purpose. You can withdraw your consent and opt out of SMS communications at any time by replying STOP to any SMS message or by contacting us at info@nuudcare.com. Transactional SMS messages (such as order confirmations and shipping notifications) are sent on the basis of the performance of an agreement (Article 6(1)(b) GDPR) and do not require separate consent.

2. What we need your data for

We only collect and further process your personal data for the purposes mentioned in the previous paragraph.

We will ask your consent before using your personal data for purposes other than those listed above, unless the further use of your data is compatible with the purpose for which the personal data were initially collected. We will inform you of, and, if necessary ask your consent for, any changes in the use of your personal data.

We may use your data for decisions based on automated decision-making, including profiling. For instance, we may use previous purchase data and or browsing data to suggest matching products to those previous purchases. For personalised advertising we rely on your consent (Article 6(1)(a) GDPR); for product recommendations on our Website(s) we rely on our legitimate interests (Article 6(1)(f) GDPR). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you (Article 22 GDPR). Where such processing occurs on the basis of consent or contractual necessity, you may request human review of that decision by contacting us. The logic involved consists of matching prior purchase and browsing history to product categories; the envisaged consequence is the display of tailored product recommendations.

3. How we may share your data

We will not share (or sell) your personal data to third parties, except as disclosed in this privacy statement or with your consent. We may share your personal data with our third-party service providers, including, but not limited to:

Functional

  • Stripe - our payment services provider
  • Paypal - our payment services provider
  • Mollie - our payment services provider
  • Sofort - our payment services provider
  • Gorgias - our customer service provider
  • Klarna - In order to be able to offer you Klarna’s payment options in certain countries, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you. General information on Klarna you can find here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna's privacy statement.
  • Klaviyo – our SMS messaging service provider, used to send transactional and marketing SMS communications. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in the Klaviyo privacy statement.

Analytics

  • Hotjar - to gather your feedback about our website and optimize your website experience
  • Google Analytics - to collect and display detailed statistics from our Website(s). The purpose of this service is to give us a clear overview of visitor flows, traffic sources and pageviews. Based on this information we can improve our Website(s) and improve your shopping experience on our Website(s).

Marketing

  • Facebook - to show you personalized messages and advertisements
  • Google Ads – to share and display relevant products on Google platforms

These service providers are granted access to some or all of your personal data as necessary for the purposes described above and may use cookies (as defined below) or other automatic collection technology on our behalf. The service providers are contractually restricted by way of a data processing agreement in the way they may process your personal data.

Please note that the use of any feature made available to you on our Websites such as Facebook Connect, or the like feature (also connected to Facebook), may result in your personal data being collected or shared by us or by others. We cannot control how your data is collected, stored, used or shared by third-party sites or to whom it is disclosed. Please review the privacy policies and settings of your social networking sites to make sure you understand and agree with the data being shared.

We may also share your personal data with applicable third parties in the event of a reorganisation, merger, sale, assignment or other disposition of all or a portion of our business, assets or shares.

4. Legal grounds for processing your data

Consent

By the following acts you give us your consent to process your personal data:

  • Creating an online account
  • Writing a review
  • Contacting our customer service

We will ask your consent before we send you a newsletter if you are not yet our customer.

You have the right to revoke your consent at all times. When you revoke your consent, we will stop processing your personal data.

Necessary for the performance of an agreement

When you place an order, you enter into a purchase agreement with us. In order to process and deliver your order, we need certain personal data, such as your name, e-mail, billing and shipment address.

Legitimate interests

We may process your personal data for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms.

For our legitimate business interests, we may process your personal data to:

  • Personalise our Website(s)
  • Recommend products that you may be interested in
  • Optimize our marketing
  • Develop and improve the functionality of our Website(s)

To opt out of receiving interest-based advertising from third parties, you may click on any of the following links (all as further set out in paragraph 9 below):

www.networkadvertising.org

www.aboutads.info

In addition, you have the right to object to this way of processing your personal data. If you would like to exercise this right, please contact us at info@nuudcare.com. Please note that if you exercise such right accordingly, this may limit us to process your data for your benefit as set out above.

5. Your data is safe with NUUD (online security)

We appreciate the trust you place in us. NUUD is committed to protecting your personal data. We have implemented appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, in accordance with Article 32 GDPR. These measures include, among others: (i) encryption of personal data in transit (SSL/TLS) and, where appropriate, at rest; (ii) pseudonymisation of personal data where technically and operationally feasible; (iii) role-based access controls limiting access to personal data to authorised personnel on a need-to-know basis; (iv) procedures for regularly testing, assessing and evaluating the effectiveness of our security measures; and (v) an internal procedure for detecting, reporting and investigating personal data breaches. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours and, where required, inform you directly without undue delay.

6. We do not keep your personal data longer than necessary

When you place an order for our products, we retain that information for a minimum period of six years following the end of the financial year in which you placed your order, in accordance with our legal obligation to keep records for tax purposes. 

We retain the information you used to sign up for our newsletter for as long as you remain subscribed (i.e. you do not unsubscribe) or if we decide to cancel our newsletter service, whichever occurs first. In any other circumstances, we will retain your information no longer than necessary, taking into account the purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under an agreement with you or to contact you in the future). In addition we apply the following retention periods: 

  • customer service communications and complaints: 2 years from the date of the last communication (or longer if required for legal proceedings);
  • product reviews: for the duration of the review being published plus 1 year;
  • abandoned cart data: 90 days from the date of abandonment; 
  • SMS opt-in consent records: for the duration of the consent period plus 3 years to demonstrate compliance; 
  • profiling and marketing data: 2 years from the date of last interaction;
  • Mobile telephone numbers collected for SMS communications will be deleted within 30 days of withdrawal of consent or opt-out.

We may have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulations) 

7. Where your data is processed

Your data is processed within the European Union and stored in the US and Canada. When personal data is processed or stored in the US and Canada, we make sure that appropriate safeguards are in place to protect your data. More specifically, for transfers to the United States we rely on the EU-U.S. Data Privacy Framework (adequacy decision of 10 July 2023, Commission Implementing Decision (EU) 2023/1795) for certified organisations, and on Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914 where applicable. For transfers to Canada, we rely on the adequacy decision under Commission Decision 2002/2/EC. Where we rely on SCCs, a copy of those clauses is available upon request. Where our third-party service providers (including payment processors, analytics providers, and marketing platforms listed in the “How we may share your data” section above) process personal data outside the European Economic Area, such transfers are subject to appropriate safeguards. Each provider either (i) is established in a country covered by an adequacy decision of the European Commission, (ii) has implemented Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914, or (iii) relies on other appropriate safeguards as permitted under the GDPR. You may request a copy of the applicable transfer mechanism for any specific provider by contacting us at info@nuudcare.com.

8. Cookies and Do Not Track

We use the below cookies on our Website(s) that act as an identification card for your computer. We distinguish between (i) strictly necessary cookies, which are required for the operation of our Website(s) and do not require your consent; and (ii) non-essential cookies (including analytics, marketing, and preference cookies), which are only placed after you have given your prior consent via our cookie consent banner. You can withdraw or change your cookie preferences at any time via the cookie settings link in the footer of our Website(s). For a full description of each cookie we use, its purpose, duration and whether it requires consent, please refer to our Cookie Policy [INSERT LINK]. 

Name

Countries

Cookies name

Characteristics




.nuud.care 

All

_gid, _ga

_gid will be saved for 1 day, _ga will be saved for a maximum of 2 years

.shopify.com

All

__utma, _y, _shopify_fs, _shopify_y,  master_device_id, last_shop, _ga, __hssrc, _UA-82702-3, _UA-82702-49, __utmz, _gid, __hstc

Cookies are coming from .shopify.com,

 

cdn.shopify.com

All

_y, _shopify_y

Cookies are coming from cdn.shopify.com,

connect.facebook.com

All

Connect_facebook

Cookies are coming from Facebook.com


9. Online Advertising

NUUD may participate in interest-based advertising. As described above, we may automatically collect data regarding how you browse websites, use applications and shop in order to enhance your customer experience, improve our customer service, and provide you with communications and promotions from us or others. The objective of interest-based advertising is for NUUD to show you ads that are more relevant to your interests.  

10. Your privacy rights

Under applicable privacy laws (General Data Protection Regulation (GDPR)), you have, inter alia, the right to:

  • Ask for access to your personal data (access);
  • Ask to change or correct your personal data (rectification);
  • Ask to delete your personal data (erasure/right to be forgotten);
  • Ask to restrict the processing of your personal data (restriction);
  • Ask to transfer your data to another controller or to yourself if we have processed your data based on your consent or based on the agreement you have entered into with us (data portability);
  • Object to the (further) processing of your personal data if we have processed your data based on our legitimate interests (objection).

11. Objection and complaints

If we have collected personal data from you on the basis of our legitimate interests, you can at all times object to the processing of your personal data by contacting us at info@nuudcare.com. We will in that case stop the processing, unless we have compelling legal grounds for the processing which override your interest to stop the processing. You also have the right to lodge a complaint with the competent supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (AP), P.O. Box 93374, 2509 AJ The Hague, www.autoriteitpersoonsgegevens.nl .

12. Changes to our statement

Our Privacy Statement may change from time to time to reflect changes to our services or changes in the Applicable privacy laws. We will not reduce your rights under this Privacy Statement without your explicit consent. We will post any changes to our Privacy Statement on this page. We will notify you personally, for example through an email notification, of significant changes to our Privacy Statement.

13. Minors providing personal data

Persons below the age of 16 may only provide personal data to NUUD if they have written consent from one of their parents or legal guardians who has read this privacy statement.

14. Contact us

NUUD is responsible for the processing of your personal data and acts as the controller. If you have any questions, feedback or want to know more about how your personal data is processed, or if you want to access, correct or remove your personal data, please contact us at info@nuudcare.com.