Privacy Policy
1. Who Is the Data Controller?
Name: Margarita Expósito Muñoz
NIF: ES52349013R
Address: Calle Nazario Calonge 7, San Fernando de Henares, Spain
Email: info@nora-cosmetics.com
Website: nora-nordic.com
2. What Data We Collect
2.1 Data you provide directly
• Full name and delivery address
• Email address
• Phone number (optional, if provided at checkout)
• Payment information (processed securely by third-party payment providers — we do not store card details)
• Order history and communications with our customer care team
2.2 Data collected automatically
• IP address and browser type
• Pages visited, time spent on site, and navigation behaviour
• Device type and operating system
• Referring URLs and search terms
• Cookie identifiers (see Section 7)
3. Why We Use Your Data and Legal Basis
We process your personal data for the following purposes:
Order fulfilment: To process and ship your orders, send order confirmations and tracking information. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
Customer support: To respond to your enquiries, manage returns and resolve issues. Legal basis: performance of a contract and legitimate interest (Art. 6(1)(b) and 6(1)(f) GDPR).
Email marketing: To send you promotional emails, product recommendations and exclusive offers, only if you have subscribed or consented at checkout. Legal basis: consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time by clicking "Unsubscribe" in any email.
Analytics and site improvement: To understand how visitors use our website and improve the shopping experience. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
Legal compliance: To comply with applicable tax, accounting and consumer protection obligations. Legal basis: legal obligation (Art. 6(1)(c) GDPR).
4. Third-Party Services and Data Processors
We work with carefully selected third-party providers to operate our store. Each acts as a data processor under GDPR, bound by data processing agreements:
E-commerce Platform
Shopify Inc. — our online store platform. Shopify processes order and customer data on our behalf. Privacy policy: shopify.com/legal/privacy
Order Fulfilment
Selfnamed — our production and logistics partner, who fulfils and ships orders directly to customers across Europe. Data shared: name, delivery address, and order details.
Email Marketing
Klaviyo Inc. — we use Klaviyo to send transactional and marketing emails. Data shared: name, email address, and purchase history. Privacy policy: klaviyo.com/legal/privacy
Advertising
Meta Platforms (Facebook/Instagram) — we use the Meta Pixel to measure ad performance and show relevant ads to users. This may involve processing your browsing behaviour. You can opt out via your Facebook Ad Preferences or cookiebot.com.
Google LLC (Google Ads & Google Analytics 4) — we use Google Analytics 4 to analyse site traffic and Google Ads to run and measure advertising campaigns. Data is processed in accordance with Google's privacy policy: policies.google.com/privacy
Analytics & Session Recording
Microsoft Clarity — we use Microsoft Clarity to record anonymised session behaviour (mouse movements, clicks, scroll patterns) to improve our website. Clarity does not collect personally identifiable information. Privacy policy: privacy.microsoft.com/en-us/privacystatement
Payments
Klarna Bank AB — Klarna offers buy-now-pay-later and instalment payment options. When you choose Klarna, your personal and order data is shared with Klarna to assess your eligibility. Klarna acts as an independent data controller for its own services. Privacy policy: klarna.com/us/legal/privacy
Other payment providers (Visa, Mastercard, PayPal, Apple Pay, Google Pay, Shop Pay, Bancontact, Maestro, UnionPay) — payment data is processed directly and securely by these providers. We do not store your card details.
5. International Data Transfers
Some of our third-party providers are based outside the European Economic Area (EEA), including the United States (Shopify, Klaviyo, Google, Meta, Microsoft). In these cases, data transfers are carried out under the EU Standard Contractual Clauses (SCCs) or equivalent safeguards approved by the European Commission, ensuring your data receives an equivalent level of protection.
6. How Long We Keep Your Data
• Order and transaction data: 5 years (Spanish tax law obligation)
• Customer account data: until account deletion or 3 years of inactivity
• Marketing email data: until you unsubscribe or withdraw consent
• Analytics data: up to 14 months (Google Analytics 4 default)
• Session recordings (Microsoft Clarity): up to 30 days
7. Cookies
We use cookies and similar tracking technologies on nora-nordic.com. Cookies are small text files stored on your device that help us operate the website, remember your preferences, and measure the effectiveness of our advertising.
The types of cookies we use include:
• Essential cookies: required for the website to function (shopping cart, checkout, language preferences).
• Analytics cookies: used by Google Analytics 4 and Microsoft Clarity to understand how visitors interact with the site.
• Marketing cookies: used by the Meta Pixel and Google Ads to measure ad performance and show you relevant advertising.
• Functional cookies: used by Shopify and Klaviyo to personalise your experience.
When you first visit our website, you will be asked to accept or reject non-essential cookies via our cookie consent banner. You can change your preferences at any time using the cookie settings link in our website footer.
You can also manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.
8. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
• Right of access: to request a copy of the personal data we hold about you.
• Right to rectification: to request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): to request deletion of your data, subject to legal retention obligations.
• Right to restriction of processing: to request that we limit how we use your data.
• Right to data portability: to receive your data in a structured, machine-readable format.
• Right to object: to object to processing based on legitimate interest, including direct marketing.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, please contact us at info@nora-cosmetics.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) at aepd.es.
9. Data Security
We take the security of your personal data seriously. Our website uses SSL/TLS encryption (HTTPS) to protect data transmitted between your browser and our server. Shopify, our e-commerce platform, is PCI DSS compliant. We restrict access to personal data to authorised personnel only and regularly review our security practices.
However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.
10. Children's Privacy
Our website and products are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact us at info@nora-cosmetics.com and we will take steps to delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable legislation. The date of the most recent update will always be displayed at the top of this page. We encourage you to review this policy periodically. For significant changes, we will notify you by email or via a notice on our website.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
Email: info@nora-cosmetics.com
Address: Margarita Expósito Muñoz, Calle Nazario Calonge 7, San Fernando de Henares, Spain
We aim to respond to all enquiries within 5 business days.