Privacy Policy
Privacy Policy
Last updated 24 October 2023
General
This policy on the processing of personal data (the “Privacy Policy”) describes how the Nordlux Group collects and processes your personal data.
The Privacy Policy applies to personal data that you provide to us, including through customer service enquiries, or collected by us through our websites, our digital advertising, your participation in competitions and your subscriptions to newsletters.
The Privacy Policy includes information about which personal data are collected and what rights you have.
Contact
Nordlux A/S is the data controller for the processing of the personal data that we receive about you.
Our contact details are:
Nordlux A/S
CRN (CVR): 10216990
Østre Havnegade 34
DK-9000 Aalborg
Tel: +31 01838 90350
E-mail: nordlux@nordlux.com
How we collect and use your personal data
The Nordlux Group collects and processes the following data when you visit our websites:
- Your IP address
- Which browser you use, including technical data about your computer, tablet or mobile phone
- Geographical location
- Which pages you click on, including which search terms you use on our website
The Nordlux Group collects and processes the following data when you shop with us, or when you contact us via our contact form:
- Name
- Address (both billing address and delivery address)
- Phone number and e-mail address
- Customer ID
- Details of the products you have ordered
- Furthermore, you have the option to consent to receiving marketing material via e-mail, including in the form of newsletters. In that context, we will collect and process your e-mail address.
The purpose of, and legal basis for, processing your personal data
The purpose of collecting and processing data in connection with visits to our website is to optimise your experience as a user of the website, including ensuring the correct setup of the website, and to be able to carry out targeted and relevant marketing. The collection and processing are therefore done so that we can pursue our legitimate interests in accordance with Article 6(f) of the General Data Protection Regulation.
In addition, we collect data for statistical and analytical purposes to improve our products and services.
The purpose of collecting and processing data in connection with purchases on our website is to enable us to perform the contract we have entered into regarding the purchase of an item, cf. Article 6(b) of the General Data Protection Regulation. Furthermore, in accordance with the Danish Bookkeeping Act we are subject to an obligation to store your personal data.
The purpose of storing your personal data – in addition to enabling you to make use of our services – is additionally to be able to:
- Process your payments
- Manage your purchases
- Manage your returns
- Carry out exchanges or other transactions
- Arrange shipping
- Allow you to write reviews
If you have consented to receive marketing material via e-mail, the legal basis for processing is Article 6(a) of the General Data Protection Regulation. Your consent to receive marketing material via e-mail can be withdrawn at any time by using the “Unsubscribe” link at the bottom of each newsletter. Alternatively, you can also unsubscribe by e-mailing us at nordlux@nordlux.com
Recipients of your personal data
In some cases, your personal data are shared with third parties. Generally, these can be divided into:
- Affiliated companies, including in connection with IT administration, payment processing, data analysis, customer support, cloud storage, fulfilment and shipping, etc.
- Partners – e.g. data processors who process data on our behalf (e.g. Google Analytics).
- External suppliers – e.g. carriers when an item is to be delivered to you
- Public authorities – under applicable law, public authorities, including the Danish Tax Agency, have the right to access certain data
- When you instruct, request or otherwise consent to our sharing of certain data with third parties, e.g. in order to send you products, or through your use of social media widgets or login integrations.
As a rule, your data will not be shared with partners or external suppliers outside the EU/EEA. Should a partner or external supplier be located outside the EU/EEA, we will ensure that the processing is covered by the same protection as that in force within the EU/EEA.
We do not use or share sensitive personal data for the purpose of inferring characteristics about you.
Storage of your personal data
The Nordlux Group is committed to safeguarding your personal data and has therefore taken a number of technical and organisational measures to protect your personal data from being misused or lost.
Data collected and processed when visiting our website are stored for up to two years, depending on the type of data. This is described in more detail in our cookie policy. As a rule, we store your personal data for a period comprising the current year plus five years following the purchase of an item in accordance with our obligations under the Danish Bookkeeping Act.
In some cases, however, the data may be stored for longer, if this is necessary to comply with/establish legal obligations or enforce our agreements. In the event of storage for longer periods, we will consider the importance of the data, in conjunction with the type of data, when we determine how long your data should be stored.
Personal data processed on the basis of your consent will generally be erased when you withdraw your consent, unless there is another legal basis for the processing of the personal data.
Cookies
Our websites use cookies, which are text files stored on your computer, mobile device or similar with the aim of recognising it, remembering settings, collecting statistics and targeting ads. Cookies cannot contain malicious code such as viruses.
It is possible for you to delete or block cookies.
Should you delete or block cookies, ads may become less relevant to you and appear more frequently. There may also be a risk that the website will not function properly and that you will not be able to access some content.
For specific information about the cookies that we use in connection with operating Shopify, the DFTP webshop, see https://www.shopify.com/legal/cookies.
Security and storage of your data
Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security”. In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential data to us.
Your rights and choices
In relation to our processing of your personal data, you have a number of rights under the General Data Protection Regulation.
These rights are as follows:
- Right to access - You have the right to obtain access to the data we process about you, as well as some additional information.
- Right to rectification - You have the right to have inaccurate information about you rectified.
- Right to erasure - In special cases, you have the right to have your personal data erased ahead of the time when we would usually erase these data.
- Right to restriction of processing - In some cases, you have the right to have the processing of your personal data restricted. If you have the right to restrict processing, we are only allowed to process the data – apart from storage – with your consent going forward, or with a view to establishing, enforcing or defending legal claims, or to protect a person or significant public interests.
- Right to object – In some cases, you have the right to object to our or lawful processing of your personal data. You can also object to the processing of your data for direct marketing.
- Right to data portability – In some cases, you have the right to receive your personal data in a structured and commonly used machine-readable format, and to have such personal data transmitted from one data controller to another without hindrance.
To exercise your rights, you can contact our customer service at nordlux@nordlux.com. All enquiries will be answered promptly, and where possible no later than 30 days from when the enquiry is received.
We will ask you to verify your identity or provide additional information in connection with a request. We require this in order to make sure that only you have access to your personal data, and that these data are not disclosed to someone pretending to be you.
Third-party websites and links
Our website may provide links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliated with or controlled by us, you should review their privacy and security policies as well as their terms & conditions.
We do not guarantee and are not responsible for the privacy policies or security of such websites, including the accuracy, completeness or reliability of information found on these websites.
Information provided on public or semi-public platforms, including information you share on third-party social networking platforms, may also be accessed by other users of the service and/or users of the third-party platforms without restriction with respect to their use by us, or by a third party.
Our inclusion of such links does not in itself imply any endorsement of the content on such platforms or of their owners or operators, except as indicated in the services.
Children's data
The services are not intended for use by children, and we do not knowingly collect any personal data concerning children. If you are a parent or guardian of a child who has provided us with their personal data, you can contact us to request the erasure of these data.
As of the effective date of this Privacy Policy, we have no actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal data concerning individuals under the age of 18.
Changes to the Privacy Policy
The Nordlux Group is entitled to make changes to this Privacy Policy at any time. If there are changes to the Privacy Policy, you will be informed of this on your next visit to one of our websites, where the “last updated” date will be replaced. We will also take into account other applicable legislation in this area.
Right to file a complaint with the Danish Data Protection Agency
You have the option to file a complaint regarding our processing of your data if you are unhappy with the processing.
Complaints should be sent to:
Autoriteit Persoonsgegevens
Hoge Nieuwstraat 8
2514 EL The Hague
https://www.autoriteitpersoonsgegevens.nl/contact