Nour Atelier
0
Nour Atelier
0
Menu
Account

Privacy Policy

Last updated.

1. Introduction

NOUR ATELIER LIMITED ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [Your Website URL] (the "Site"), including any other media form, media channel, mobile website, or mobile application related or connected thereto. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

This policy applies where we are acting as a data controller with respect to the personal data of our Site visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.

Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information.

2. Data Controller Information

NOUR ATELIER LIMITED is the data controller responsible for your personal data collected through the Site.

3. What Personal Data We Collect

We may collect various types of personal data about you, including:

  • Identity Data: Includes first name, last name, username or similar identifier.

  • Contact Data: Includes billing address, delivery address, email address, and telephone numbers.

  • Financial Data: Includes payment card details (processed securely by our payment processors, not stored by us).

  • Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.

  • Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Site.

  • Profile Data: Includes your username and password (if you create an account), purchases or orders made by you, your interests, preferences, feedback, and survey responses.

  • Usage Data: Includes information about how you use our website, products, and services.

  • Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not typically collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

4. How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

  • Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:

    • Purchase products or services;

    • Create an account on our website;

    • Subscribe to our service or publications (e.g., newsletter);

    • Request marketing to be sent to you;

    • Enter a competition, promotion or survey; or

    • Give us feedback or contact us.

  • Automated technologies or interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our Cookie Policy [Link to Cookie Policy or Section Below] for further details.

  • Third parties or publicly available sources: We receive personal data about you from various third parties, such as:

    • Technical Data from analytics providers (e.g., Google Analytics); advertising networks; search information providers.

    • Contact, Financial and Transaction Data from providers of technical, payment (e.g., Shopify Payments, PayPal) and delivery services.

    • Data from platforms like Shopify that host our store.

5. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To Perform a Contract: To process and deliver your order including managing payments, fees, and charges, and collecting money owed to us.

  • Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes:

    • Managing our relationship with you (e.g., notifying you about changes to our terms or privacy policy, asking for feedback).

    • Administering and protecting our business and this Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).

    • Delivering relevant website content and advertisements to you and measuring the effectiveness of advertising.

    • Using data analytics to improve our website, products/services, marketing, customer relationships, and experiences.

    • Making suggestions and recommendations to you about goods or services that may be of interest to you.

  • Consent: Where you have given us explicit consent to do so, such as sending you direct marketing communications via email or text message. You have the right to withdraw consent at any time.

  • Legal Obligation: Where we need to comply with a legal obligation (e.g., tax or financial reporting).

6. Legal Basis for Processing

Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal data from you.

7. Data Sharing and Third Parties

We may share your personal data with the parties set out below for the purposes set out in section 5:

  • Service Providers: Third parties who provide IT, system administration, order fulfilment, payment processing, shipping, marketing, and analytics services.

  • Shopify: Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases, and the general Shopify application. They store your data on a secure server behind a firewall. For more insight, you may also want to read Shopify’s Terms of Service or Privacy Statement.

  • Payment Gateways: If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.

  • Professional Advisers: Including lawyers, bankers, auditors, and insurers based in the UK who provide consultancy, banking, legal, insurance, and accounting services.

  • HM Revenue & Customs (HMRC), regulators and other authorities: Based in the United Kingdom who require reporting of processing activities in certain circumstances.

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

8. International Data Transfers

Some of our external third parties (including Shopify) are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK authorities.

  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (such as the UK Addendum to the EU Standard Contractual Clauses).

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

9. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the Information Commissioner's Office - ICO) of a breach where we are legally required to do so.

10. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements. By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

11. Your Data Protection Rights

Under UK data protection law, you have rights including:

  • Right of access: You have the right to ask us for copies of your personal data.

  • Right to rectification: You have the right to ask us to rectify personal data you think is inaccurate or complete information you think is incomplete.

  • Right to erasure: You have the right to ask us to erase your personal data in certain circumstances.

  • Right to restriction of processing: You have the right to ask us to restrict the processing of your personal data in certain circumstances.

  • Right to object to processing: You have the right to object to the processing of your personal data in certain circumstances (e.g., for direct marketing).

  • Right to data portability: You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

  • Right to withdraw consent: Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at info@nouratelier.co.uk or our registered address if you wish to make a request.

12. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

13. Children's Privacy

Our Service is not intended for use by children under the age of 13 [Or 16 - check UK GDPR specifics if targeting children]. We do not knowingly collect personal data from children under this age. If you become aware that a child has provided us with Personal Data, please contact us.

14. Changes to This Privacy Policy

We may update this privacy policy from time to time. The updated version will be indicated by an updated "Last updated" date and the updated version will be effective as soon as it is accessible. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

15. Contact Us

If you have questions or comments about this policy, or if you wish to exercise your data protection rights, you may contact us at:

16. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details above.

You can also complain to the ICO if you are unhappy with how we have used your data.

  • The ICO’s address: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

  • Helpline number: 0303 123 1113

  • ICO website: https://www.ico.org.uk