Privacy Policy

PRIVACY POLICY

Last Updated: 30 May 2026

---

1. INTRODUCTION

This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or make a purchase from Nourva.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact Information:

• Email: nourvahelp@outlook.com
• Website: shopnourva.com

---

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

When you visit our website, create an account, place an order, or contact us, we may collect:

• Personal Identification Information: Name, email address, phone number
• Billing Information: Billing address, shipping address
• Payment Information: Payment card details (processed securely by our payment providers)
• Account Information: Username, password (if you create an account)
• Communication Data: Any information you provide when contacting us via email or contact forms

2.2 Information We Collect Automatically

When you visit our website, we automatically collect certain information about your device and browsing behavior:

• Technical Data: IP address, browser type and version, operating system, device type
• Usage Data: Pages visited, time spent on pages, clickstream data, referring website
• Cookie Data: Information collected through cookies and similar technologies (see Section 4)

---

3. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes, in accordance with Article 6 of the UK GDPR:

3.1 To Process Your Orders (Legal Basis: Contract Performance - Art. 6(1)(b) UK GDPR)

• Process payments and fulfil orders
• Arrange delivery through our shipping partners
• Send order confirmations and shipping updates
• Handle returns and refunds

3.2 To Communicate With You (Legal Basis: Contract Performance & Legitimate Interests - Art. 6(1)(b)(f) UK GDPR)

• Respond to your inquiries and customer service requests
• Send important updates about your order or our services
• Notify you of changes to our terms or policies

3.3 For Marketing (Legal Basis: Consent or Legitimate Interests - Art. 6(1)(a)(f) UK GDPR)

• Send you promotional emails about our products and offers (only with your consent)
• Show you targeted advertisements on social media platforms
• Improve our marketing campaigns based on your preferences

You can unsubscribe from marketing emails at any time using the unsubscribe link in our emails or by contacting us.

3.4 To Improve Our Website (Legal Basis: Legitimate Interests - Art. 6(1)(f) UK GDPR)

• Analyse website usage and performance using analytics tools
• Improve website functionality and user experience
• Detect and prevent fraud or security issues

3.5 To Comply With Legal Obligations (Legal Basis: Legal Obligation - Art. 6(1)(c) UK GDPR)

• Maintain records for tax and accounting purposes
• Comply with legal requests from authorities
• Enforce our terms and conditions

---

4. COOKIES AND TRACKING TECHNOLOGIES

4.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience and allow certain features to function properly.

4.2 Types of Cookies We Use

Essential Cookies (Cannot be disabled)

• Required for the website to function properly
• Enable shopping cart functionality and secure checkout
• Remember your preferences during your visit

Analytics Cookies (Optional)

• Help us understand how visitors use our website
• We use Google Analytics to collect anonymous usage data
• Allow us to improve website performance and content

Marketing Cookies (Optional)

• Used to show you relevant advertisements on social media
• We use Facebook Pixel (Meta Ads) to track conversions and optimize ads
• Help us measure the effectiveness of our marketing campaigns

4.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block all cookies from specific websites
• Delete all cookies when you close your browser

Please note: Disabling cookies may affect the functionality of our website, and some features may not work properly.

Browser Cookie Settings:

• Chrome: https://support.google.com/chrome/answer/95647
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
• Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

---

5. SHARING YOUR INFORMATION

We only share your personal information with third parties when necessary to operate our business and provide our services:

5.1 Payment Processors

We use the following payment processors to securely handle your payment information:

• Shopify Payments
• PayPal
• Apple Pay
• Google Pay

Your payment card details are transmitted directly to these processors using secure encryption. We do not store your full payment card information on our servers.

Privacy Policies:

• Shopify: https://www.shopify.com/legal/privacy
• PayPal: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

5.2 Shipping and Fulfillment Partners

We share your name, shipping address, and order details with our fulfillment partners to deliver your products. Your information is only used for order fulfillment purposes.

5.3 Marketing and Analytics Providers

Google Analytics We use Google Analytics to understand how visitors interact with our website. Google Analytics collects anonymous data about your visit, including pages viewed, time spent, and device type. This data is anonymized and cannot be used to personally identify you.

Opt-out: https://tools.google.com/dlpage/gaoptout

Meta (Facebook/Instagram) Pixel 

We use the Meta Pixel and Meta Business Tools on our website to measure the effectiveness of our advertising campaigns and show you relevant ads on Facebook and Instagram. We have configured these tools to use enhanced data sharing, which means we may collect and share the following information with Meta Platforms, Inc.:

• Name, email address, and phone number

• Purchase history and browsing behaviour on our site

• Billing and shipping address

• Device information and IP address

This data is used to personalise advertisements, measure ad performance, and improve our marketing campaigns. This sharing is carried out in accordance with Meta's Business Tools Terms and Data Processing Terms.

Meta may combine this information with data from other websites and sources to show you more relevant ads across Facebook, Instagram, and Meta's wider ad network.

To opt out of this data sharing or manage your ad preferences:
Opt-out: https://www.facebook.com/settings?tab=ads
Meta Privacy Policy: https://www.facebook.com/privacy/policy

Privacy Policies:

• Google: https://policies.google.com/privacy
• Meta: https://www.facebook.com/privacy/policy

5.4 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our legal rights.

---

6. INTERNATIONAL DATA TRANSFERS

Some of our service providers (such as Shopify, Google, Meta) are based outside the United Kingdom, including in the United States. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO)
• Adequacy decisions recognizing equivalent data protection standards
• Certification under recognized data protection frameworks

---

7. DATA SECURITY

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:

• SSL/TLS encryption for all data transmitted through our website
• Secure payment processing through PCI-DSS compliant payment providers
• Regular security assessments and updates
• Access controls limiting who can view your information
• Secure data storage with reputable hosting providers

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

---

8. DATA RETENTION

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods:

• Order Information: 6 years (to comply with UK tax and accounting requirements)
• Marketing Data: Until you unsubscribe or withdraw consent, plus 2 years for record-keeping
• Website Analytics: 26 months (Google Analytics default retention period)
• Customer Accounts: Until you request deletion or close your account

After the retention period expires, we will securely delete or anonymize your personal information.

---

9. YOUR RIGHTS UNDER UK GDPR

Under UK data protection law, you have the following rights regarding your personal information:

9.1 Right to Access (Article 15 UK GDPR)

You have the right to request a copy of the personal information we hold about you, including:

• What data we collect
• Why we collect it
• Who we share it with
• How long we keep it

9.2 Right to Rectification (Article 16 UK GDPR)

You have the right to request correction of inaccurate or incomplete personal information.

9.3 Right to Erasure / "Right to be Forgotten" (Article 17 UK GDPR)

You have the right to request deletion of your personal information when:

• The data is no longer necessary for the purposes it was collected
• You withdraw your consent (where consent was the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Please note: We may not be able to delete your information if we are required to retain it for legal or accounting purposes (e.g., 6 years for tax records).

9.4 Right to Restriction of Processing (Article 18 UK GDPR)

You have the right to request that we limit how we use your personal information when:

• You contest the accuracy of the data
• The processing is unlawful but you don't want the data deleted
• We no longer need the data, but you need it for legal claims

9.5 Right to Data Portability (Article 20 UK GDPR)

You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transfer it to another service provider.

9.6 Right to Object (Article 21 UK GDPR)

Objection to Direct Marketing: You have the absolute right to object to the use of your personal information for direct marketing purposes at any time. Simply click "unsubscribe" in our marketing emails or contact us.

Objection to Processing Based on Legitimate Interests: You have the right to object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

9.7 Right to Withdraw Consent (Article 7(3) UK GDPR)

Where we process your personal information based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before you withdrew consent.

9.8 Right to Lodge a Complaint

If you believe we have not handled your personal information properly, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

• Website: https://ico.org.uk/make-a-complaint/
• Phone: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

---

10. EXERCISING YOUR RIGHTS

To exercise any of your rights, please contact us at:

Email: nourvahelp@outlook.com

We will respond to your request within one month of receiving it. In complex cases, we may extend this by up to two additional months, and we will inform you if this is necessary.

Verification: To protect your privacy, we may need to verify your identity before processing your request.

---

11. CHILDREN'S PRIVACY

Our website and products are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a child under 18, please contact us immediately so we can delete it.

---

12. THIRD-PARTY LINKS

Our website may contain links to third-party websites (e.g., payment processors, social media platforms). We are not responsible for the privacy practices of these third-party websites. We encourage you to read their privacy policies before providing any personal information.

---

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email (if you have an account or are subscribed to our newsletter)
• Display a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

---

14. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

Email: nourvahelp@outlook.com

We aim to respond to all inquiries within 48 hours during business days.

---

15. DATA PROTECTION OFFICER

As a small business, we are not legally required to appoint a Data Protection Officer (DPO). However, our management team is responsible for ensuring compliance with data protection laws. For data protection inquiries, please contact us using the details in Section 14.

---

16. COMPANY INFORMATION

This website is operated by:

Flux Ecom Ltd
Company Registration Number: 17010249
Registered in England and Wales
Registered Office: Unit 1, Speedwell Close Industrial Estate, Birmingham, B25 8HT

---

This Privacy Policy is effective as of 22 February 2026 and applies to all personal information collected through the Nourva Health website.