4️⃣ Privacy Policy

Privacy Policy

Last updated: 10 July 2026

Page title: Privacy Policy · Shopify slug: privacy-policy

NORVEK ("we", "us", "our") treats the protection of your personal data as a matter of the utmost importance. This Privacy Policy explains transparently which personal data we collect, the reasons we collect it and how we handle it. The applicable legal frameworks are the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller within the meaning of the UK GDPR is the operator of the website norvek.com. Enquiries about this policy or about the way we handle your personal data should be addressed to contact@norvek.com. Full provider details are set out in our Legal Notice.

2. Types of Data We Process

When you place an order or contact us with an enquiry, we may process the following categories of personal data:

  • First name, surname and email address
  • Delivery and billing address
  • Telephone number (optional — used solely to provide delivery status updates)
  • Payment details (handled exclusively by our payment partners — card data is never stored by us)
  • Your order and purchase history
  • Technical data about your device and browsing behaviour (IP address, browser type, pages visited)

3. Purposes of Processing and Legal Bases

  • Order fulfilment — name, address, email and payment details are required to carry out the sales agreement concluded with you (Art. 6(1)(b) UK GDPR).
  • Client communication — including order confirmations, despatch notifications and customer service correspondence (Art. 6(1)(b) UK GDPR).
  • Continuous improvement — usage analysis enables us to develop and enhance our website on an ongoing basis (Art. 6(1)(f) UK GDPR — legitimate interest).
  • Legal compliance — business records are retained in line with applicable UK tax and commercial law (Art. 6(1)(c) UK GDPR).

4. Payment Processing

All transactions are processed by our certified partners — including Stripe, PayPal, Klarna and Viva Wallet — each of whom holds PCI DSS Level 1 accreditation. Card credentials are entered directly within their secured systems; the complete card number, CVV and expiry date are at no point seen or stored by NORVEK.

5. Data Retention Period

Order data is held for between 6 and 10 years in compliance with UK tax and accounting legislation — in particular HMRC requirements and the Companies Act 2006. Marketing preferences are retained until you choose to opt out. Data that is no longer required for the purpose for which it was collected is deleted or anonymised without delay.

6. Recipients of the Data

Personal data is shared with third parties only to the degree required to fulfil your order:

  • Shipping providers (e.g. Royal Mail, DHL, DPD, Evri, UPS) for the delivery of your goods
  • Payment partners for the secure processing of transactions
  • Email service providers for transactional communications
  • Hosting companies for the technical running of the website
  • Accountants and legal advisers, where required to fulfil statutory obligations

Appropriate data processing agreements have been concluded with all processors in accordance with Art. 28 UK GDPR.

7. Data Transfers to Third Countries

Transfers of personal data to countries outside the United Kingdom or the European Economic Area (EEA) take place only where an adequacy decision is in force, or where suitable protections — such as the Standard Contractual Clauses approved by the UK or EU Commission — are operative pursuant to Art. 45 ff. UK GDPR.

8. Cookies and Tracking

Our website makes use of cookies and comparable technologies. Full details are provided in our Cookie Policy. Non-essential cookies may be declined or adjusted at any time through the cookie banner or your browser preferences.

9. Your Rights as a Data Subject

With regard to your personal data, you are entitled to the following rights:

  • Right of access (Art. 15 UK GDPR) — you may request confirmation of what personal data we hold about you
  • Right to rectification (Art. 16 UK GDPR) — inaccurate data may be corrected
  • Right to erasure (Art. 17 UK GDPR) — where no statutory retention obligation applies
  • Right to restriction of processing (Art. 18 UK GDPR)
  • Right to data portability (Art. 20 UK GDPR)
  • Right to object (Art. 21 UK GDPR) — to processing based on legitimate interest
  • Right to withdraw consent at any time (Art. 7(3) UK GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 UK GDPR)

To exercise any of these rights, simply send a brief message to contact@norvek.com.

10. Security of Your Data

We maintain appropriate technical and organisational measures to safeguard your personal data against unauthorised access, loss or misuse — including SSL/TLS encryption, secured server infrastructure, strictly managed access controls and scheduled security audits.

11. Automated Decision-Making

We do not carry out automated decision-making or profiling within the meaning of Art. 22 UK GDPR.

12. Right to Complain

If you believe that our processing of your personal data is in breach of the UK GDPR, you have the right to file a complaint with a data protection supervisory authority — in particular the Information Commissioner's Office (ICO) in the United Kingdom (www.ico.org.uk), or the supervisory authority of any EU member state in which you are habitually resident, employed or where the alleged infringement occurred.

13. Updates to This Policy

We may amend this Privacy Policy from time to time in response to legislative developments or changes in our business. The version currently in force is always published on this page.